"Father Time" Gets Another Year At NTP From Linux Foundation 157
dkatana writes: Harlan Stenn, Father Time to some and beleaguered maintainer of the Network Time Protocol (NTP) to others, will stay working for the NTP another year. But there is concern that support will decline as more people believe that NTP works just fine and doesn't need any supervision. NTP is the preeminent time synchronization system for Macs, Windows, and Linux computers and most servers on networks. According to IW, for the last three-and-a-half years, Stenn said he's worked 100-plus hours a week answering emails, accepting patches, rewriting patches to work across multiple operating systems, piecing together new releases, and administering the NTP mailing list. If NTP should get hacked or for some reason stop functioning, hundreds of thousands of systems would feel the consequences. "If that happened, all the critics would say, 'See, you can't trust open source code,'" said Stenn.
Well, you *can't* trust open-source code (Score:5, Insightful)
Nor can you trust closed-source code.
But while "open source makes all bugs shallow" is demonstrably a fallacy, at least you CAN see the source if you need to. (Good luck understanding it, though - says this pretty good C developer who just about shit when he had to look at OpenSSL/SSH code...)
Re: (Score:3)
And understanding it is more than being a programmer - it's also understanding the problem domain.
Re: (Score:1)
Some of that is just that SSL is complex, though, especially the crypto. I had to read the openssl verify code to figure out precisely which bits are needed in certain certs and it was pretty easy to figure out.
Re: (Score:2)
But while "open source makes all bugs shallow" is demonstrably a fallacy
Well, sure if you make stuff up on the spot you can generate arbitrary fallacies. The actual quote was:
"given enough eyeballs all bugs are shallow"
And I've only ever seen it "disproved" by people who thoroughly misunderstand it.
Good luck understanding it, though - says this pretty good C developer who just about shit when he had to look at OpenSSL/SSH code...
And this actually demonstrates the code, not disproves it. The OpenSSL code is
Re: (Score:2)
"given enough eyeballs all bugs are shallow"
On the other hand, many (most?) people are taught or learn programming in the same way or much the same way. This means that we all (to simplify the point) will look at things the same way and may all overlook the same problem.
I worked on an N-version fault-tolerance research project in college way back in the mid 1980s that studied this and used different programming languages -- some wildly different, like Pascal and Prolog -- as the N versions to see if using different languages would provide more cov
Re: (Score:2)
The citation would be in the original research proposal way back in 1985 my instructor, and the principal researcher, did for NASA. In addition, most of the languages you mentioned Pascal, C, C++, Java, Javascript) are all very similar in structure/syntax and that influences the way they are used to solve problems.
Also most people -- or groups of people -- are taught how to program in a similar fashion, using the same or similar languages -- think university CS course sequence 100, 200, 300 that probably
Bus Factor (Score:5, Insightful)
With all due to respect to Harlan Stenn, and working under the assumption that he will choose to continue to maintain NTP for the good of everyone who uses it, the biggest donation that could possibly be given to the NTP project would be to increase its bus factor. Basically, we need at least another small handful of people -- ideally distributed throughout the world -- who have the same level of knowledge and expertise as Harlan in the area of network time, and can thus take his place if, for any reason whatsoever Harlan can't continue to work on the NTP project.
Getting Harlan to continue working on it is a short-term solution, but the sustainable future is to ensure that we have maintainers who can take his place -- ideally, paid ones.
So what we need is for a company like Red Hat or IBM or Microsoft or Canonical to bankroll a developer who has at least strong fundamentals that would enable them to quickly pick up advanced knowledge of network time, and then spend most of their working hours acquiring more knowledge about it so that it can be maintained going forward. This would probably involve a lot of ML posts with Harlan (or reading his previous ones), as well as any other developers/maintainers working on pieces of the code.
If Harlan is absolutely instrumental to the project as it stands now, the solution is to have a backup or two, who ideally are being paid a living wage to ensure the continuity of knowledge and expertise if Harlan willingly or unwillingly stopped contributing.
Projects with a bus factor of 1 that are widely relied upon need to be identified and highlighted every now and again -- not to make a case to shower the developer in money, but to get other developers to work in the same space and increase the bus factor to at least 3.
Re: (Score:1)
And why, exactly, is some company going to pay people to maintain NTP? Its been around for years and quite apparently it has been a time sink for the maintainer and no one has decided to bank roll the effort in any significant way.
Money makes the world go 'round folks. If it doesn't make money, people are not going to put money into it.
Re: (Score:2)
One possible mercenary reason: because their consumers will blame them if the Internet fucks up, even if it's not their fault. Therefore it behooves them to ensure that the Internet keeps working without a major incident.
Re: (Score:2)
Linux Foundation sponsored developer who has extraordinary knowledge of NTP and time issues: http://phk.freebsd.dk/time/ind... [freebsd.dk]
But apparently something went iffy between them, as last commit to https://github.com/bsdphk/Ntim... [github.com] was over a half year ago.
Re: (Score:2)
Hope this effort will continue.
Re: (Score:2)
The phrase you're looking for is "single point of failure". And yes, Harlan Stenn is a single point of failure. And no, that's not good.
Boo Fucking Hoo (Score:1)
If he doesn't like it, start a foundation and start transferring rights & control of NTP to the foundation. Instead, he refuses to give up control and complains about the heavy workload and lack of funds. The internet has grown up & out, the era of "Jon Postels" is over.
re: John Postel (Score:1)
And that's a shame.
Upkeep (Score:1)
How is it that an old tech like NTP with a fixed protocol need so much maintenance? That should have already settled out and just need minor patching for new architectures.
Re:Upkeep (Score:4, Insightful)
A lot of it has to do with the fact that the system calls that you use to arrange time sync are, well, fragile and obscure and all-too-frequently broken by a new OS release. Also, a lot of bugs with respect to time synchronization are subtle and quick to anger and require quite a bit of time to reproduce and analyze.
In some ways, it would be a heck of a lot easier if we just forgot about stuff like having a monotonically increasing clock and clock skew caused by network latency. Just have everyone hard-set their clock every day from a GPS receiver, say. Of course, you'd end up with poor synchronization amongst hosts, which would easily cause its own kind of havoc. And your timestamps would be untrustworthy during that period where you are hard-setting the clock. There isn't a perfect solution.
Isn't it built into systemd already? (Score:3, Funny)
Poettering and the rest already have a time solution, why keep this old neckbeard around?
Re: (Score:1)
"NTP works just fine" (Score:1)
Re: (Score:2)
Re: (Score:2)
TCP is great if you want the accuracy of calling someone on the phone and saying "now".
this is totally bizarre statement, tcp streams get backed up, packets get retransmitted, data arrives at the client at a completely indeterminate time.
Re: (Score:2)
not just NTP (Score:3, Insightful)
it's not just NTP that is languishing, perhaps a dozen other open source projects that the Internet depends on, each with one greybeard maintainer, underfunded or neglected entirely, going away soon, lose that institutional knowledge.
C'mon Apple, Google, Facebook, give back a little.
Linux Foundation trying to work out who to give to (Score:1)
The Linux Foundation has already given funding to a few open source projects it considers "core" [coreinfrastructure.org] (which includes the original NTP project) and has been trying to assess which other core products are most at risk [lwn.net]. From looking at the members page, at least two of the companies you mentioned (Google, Facebook) are part of the Linux Foundation [linuxfoundation.org] so the giving back has at least started...
Re: (Score:2)
In the case of NTP there is a even bigger problem: the definition of UTC is done by international organisations that have trouble finding a consensus.
Re: (Score:2)
OP said "give back", not "pay for". Meditate for a week or two on the difference between those, then come back and try again.
Lets calculate that ... (Score:3)
7 days = 1 week
times 24 hours = 168 hours
Or in other words, he does not work in NTP 68 hours a week = 8.5h a day.
So considering that a person needs half an hour a day for eating, actually I eat longer, some sleep, some time on the toilet, some people even shower - shudder if that is longer than 5 mins - and usually you get dressed sometimes you have to go shopping ...
Well, I assume he is a nerd, sleeping in his bathrobe, so he saves dressing, showers only once a week and gets everything ordinary people shop via mail/internet order ...
Perhaps he should consider to hire an assistant? Or raise funds for one ... sorry: no one is working 100 hours a week.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
If you're telling the truth, then we all owe you our thanks. You've got mine.
Re: (Score:1)
Re: (Score:1)
Your math is wrong and appears to assume an eight day week. Working 100 hours in 7 days is about 14 hours per day, leaving about 10 hours each day for rest, eating and hygene. That would be stressful, but it is certainly possible. Heck,I did that for a while in college.
Re: (Score:2)
sorry: no one is working 100 hours a week.
You have clearly lived a very sheltered life.
I used to work two jobs to make ends meet. 16 hours a day (lol, more like 18 once everything was done) working as a manager at a security guard agency 4 days a week and then for the other 3 days each week, I worked 12 hours a day assembling powermacs for Apple. I averaged 116 hours a week for 2 years.
Many single moms have it just as bad or worse since kids do not allow time off. You clearly have no idea what life is like near minimum wage. If you did, you would k
Re: (Score:2)
That is because you live in a fucked up country.
Of course I know that some people indeed work 100h a week.
My claim was more figurative. Pointing at the "high skilled worker" who claims to work 100h a week for NTP.
Linux Foundation Core Infrastructure Initiative (Score:2, Informative)
Not particularly highlighted in the article is that the LF CII is funding a small team of developers with NTP experience to focus on security hardening, development process modernization, and opening the community. There is concern about the bus factor and an attempt is being made to address it.
No critical infrastructure project should ever be so dependent on a single developer.
NTP the protocal vs NTP the software package (Score:4, Insightful)
Let's be clear here - we are talking about one particular software package - albeit a very popular one - and not the underlying protocol [ietf.org] (which itself is subject to errata [rfc-editor.org], some of which are still under discussion).
Tragedy of the Commons (Score:2)
Ah, well, this is how it always goes.
No private, for-profit entity will happily provide support for maintenance of a non-profit entity that provides a universal service, for example time-synchronization, upon which their lifeblood depends.
OK, so I am past wasting breath. For the uninitiated, just find the Wikipedia article on the "Tragedy of the C
Linux Foundation Did Fund Alternative (Score:1)
Obviously no one has read the article. The Linux Foundation funded Harlan (who has a foundation) and a group to do NTPsec. An effort to harden NTP, modernize development processes, open the community, and fix the bus factor.
NTP still stuck with MD5 authentication (Score:2)
Re: (Score:1)
Depends on when you submit the patch.
Re: (Score:2)
If NTP should get hacked... (Score:3, Interesting)
"If NTP should get hacked or for some reason stop functioning, hundreds of thousands of systems would feel the consequences."
Hah! Anyone attend DefCon23 last weekend? I am going to assume somebody did because it was awfully crowded at the old Paris Hotel, Las Vegas.
https://defcon.org/html/defcon-23/dc-23-speakers.html#Selvi
Are there even 100 hours in a week? (Score:2)
I'm not saying I don't appreciate his work, but 100 hours a week doesn't add up. Unless he's counting multiple people? Which would be reasonable, let's find funding for him and some sort of helper/assistant/apprentice.
Re: (Score:2)
Not impressed (Score:2)
According to IW, for the last three-and-a-half years, Stenn said he's worked 100-plus hours a week answering emails, accepting patches, rewriting patches to work across multiple operating systems, piecing together new releases, and administering the NTP mailing list.
First off, bullshit. Well, bullshit or he sucks at his job or he doesn't want to do anything BUT his job.
If that was a problem, he could say 'I quit' and he would get help. But he doesn't. And he's not the maintainer of the protocol, just a daemon, arguably not even the best one at this point, especially based on his claims of how much work it takes to keep it going.
This whole thing wreaks of whiney little bitch syndrome.
If he wanted Apple to contribute to his lively hood he should have contracted like a
Re:Nature of open source (Score:5, Insightful)
I got news for you; if NTP was non-free, it never would have been used outside of the lab where it was created. There would be 1000 competing network time sync strategies, Microsoft would blithely tell the whole world theirs is the best and universally compatible, while not actually being universally compatible with anything other than third-party malware, and it would be damned-near impossible for anyone without a Master's and 20 years of industry experience to succeed at establishing time synchronization across networks of machines supplied by a heterogeneous mix of OS and hardware vendors. You really want to take NTP and throw it in the same playpen where file-sharing and web-markup language standards got mangled? Really?
Re: (Score:1)
There would be 1000 competing network time sync strategies There would be 1000 competing network time sync strategies
Actually, there wouldn't. Because there is only one that works. And that is how NTP works.
If you had spent some time to figure how it works you had not such a strange idea.
succeed at establishing time synchronization across networks of machines supplied by a heterogeneous mix of OS and hardware vendors. ... OS and hardware and vendor have nothing to do with synchronizing time in a n
You see
Re: (Score:1)
So you think because you disagree with my use of the word "strategies" where maybe I should have typed "services," "products," or "protocols" invalidates the entire rest of my statement?
I'd love to see you justify your apparently hyper-naive assumption of how having a mix of entirely separate OS and hardware compatibility issues to contend with would have "nothing to do with" the task of getting network time to properly sync up in the hypothetical world where NTP wasn't already the de-facto industry stanard
Re: (Score:1)
I'd love to see you justify your apparently hyper-naive assumption of how having a mix of entirely separate OS and hardware compatibility issues to contend with would have "nothing to do with" the task of getting network time to properly sync up in the hypothetical world where NTP wasn't already the de-facto industry stanard
Well it is the Network Time Protocol, you're going to have a hard time leveraging the services of time synchronization servers if your operating system doesn't correctly implement this protocol.
but Microsoft's non-cooperation strategy still permeates everything.
Last time I looked Microsoft used NTP, it's even licensed under a permissive open source license so they could create their own incompatible, proprietary fork if they wanted to but they haven't. So what exactly is this "non-cooperation strategy" that permeates everything?
Re: (Score:1)
... answer is a resounding "no".
Here's the point where we differ. You actually think this statement has been proven to be anything other than completely farcical, despite failing to show why. You purport to naively assume this to be the case, but its provably factually inaccurate based on numerous prior incidents. Microsoft is NO friend of interoperability, despite the fact they haven't managed to completely quash it in all aspects of their software interactions with foreign systems. In your gleeful fervor to try to show off your soph
Re: (Score:2, Insightful)
Here's the point where we differ.
Except that is you just saying a fact is not a fact because you don't want it to be a fact. Microsoft uses the Network Time Protocol and it works across all the major operating systems, this is a fact and no amount of you saying "we differ" is going to change that.
but its provably factually inaccurate based on numerous prior incidents.
No you have it backwards, they use the open source, permissively licensed Network Time Protocol just like everybody else. That's why Windows, GNU/Linux and OSX machines can all synchronize time between them.
which is that Microsoft *certainly* would sabotage NTP
Except the irrefutable fact is that they
Re: (Score:2)
And we all know that silly things never happen.
Re: (Score:2)
"I'd love to see you justify your apparently hyper-naive assumption of how having a mix of entirely separate OS and hardware compatibility issues to contend with would have "nothing to do with" the task of getting network time to properly"
Would much more easy if you pointed out one single issue that is(might be) OS related.
AFAIK sockets work on all OSes the same ...
Re: (Score:2)
You have no clue, do you?
You cannot simply send a string "It is not 21 hours, 14 minutes, Coordinated Universal Time" across the Internet and reliably set a clock. Network latencies vary. The NTP service attempts to minimize that by working with multiple time sources and attempting to form a consensus. It will never be totally precise, but it will be better than single-source timing. It's just one possible solution out of potentially thousands, but it's the popular one.
And, like any Internet service, there
Re: (Score:2)
You have no clue, do you?
Yes, I have. The rest of your post implies: you have not.
Sorry, you lost me in the middle, what is your issue?
Re: (Score:2)
I got a suggestion for you: engage sarcasm detector before posting.
I think you and several other folks just got righteously whoooshed.
Re: (Score:2)
Oh yeah, good thing there is no fragmentation or duplication of effort or competing incompatible layers in open source.
None at all.
who is talking about open source in general? Nobody. we are talking about NTP implementations. How much fragmentation is there in NTP implementations? Really? Huh?
Okay, not that I don't love open source, but you're not making a great argument.
duh, straw men don't fight back. you put words in their mouth and you argue with those words. haven't you got the basics of bad arguing down yet?
Re: (Score:2)
Someone will likely take it up if he quits, but that is an interesting experiment in how this all works if there is a scramble. Will someone form a working group? Will some corporation take up the work by handing it to one or two devs? Will one, sole maintainer step forward and simply fill the vacancy?
Since he hasn't been hit by a bus, chances are good that some publicity will cause this issue to get resolved. But what happens when a similar situation is terminated unexpectedly?
Re: (Score:2, Funny)
The problem would get resolved quicker if he did get hit by a bus.
Re: (Score:2)
The software has essentially been DONE, Finished, Complete, for years, decades.
Why does the guy work 100 hour weeks on software that if feature complete and stable?
Re: (Score:2)
Yeah I'm not sure either. It's a single packet!
Re: (Score:2)
Precise time dissemination over a long period is a hard problem, unless you use TAI that NTP sadly do not provides...
Fact is that humans use a local timezone defined and redefined by each governments on a (almost) spherical planet with a physically unpredictable rotation rate variation.
Re: (Score:2)
Various operating systems NTP is designed for are evolving so it have to be modified to take advantage of new syscall, libraries, or API.
The protocol itself must be urgently improved to include TAI, leap second table, and timezone database update, because in his current state any precise time computation crossing a possible leap second slot or a timezone change is unreliable for the past (and impossible for the future because of the unpredictable Earth rotation physics).
Re: (Score:2)
Oh how easily this would be solved if NTP was proprietary technology and Father Time could ask a small royalty for every piece of software that uses NTP. I just mean that by making things open source you are intentionally taking the risk that there can be problems with arranging well-rounded funding.
Maybe, but the challenge with business owned closed source is that the owners then want to find extra ways to monitise the resource. The alternative would be to keep it open source and charge for support or simply encourage sponsorship from anyone using it in commercial hardware?
Re: (Score:2)
Who are you going to charge for the "new releases"?
There are actually people out there who want features bad enough, that are willing to pay other people to write them. Generally people do not work for free.
there should be automated testing and if the patch fails it should be sent back
Yeah that one made me laugh pretty good, assuming that all your tests are perfect and any failures are bad patches.
Re: (Score:2)
There are actually people out there who want features bad enough, that are willing to pay other people to write them. Generally people do not work for free.
Contribution of patches doesn't seem to be a problem. There are plenty of patch submissions but looking at that list of tasks it's hard to see who you would charge for the task of "piecing together new releases" or "accepting patches" or "maintaining the mailing list".
Re: (Score:2)
NTP is just a tool to disseminate UTC time. As today international relation so deeply rely on the UTC time, I believe that the best solution would be to find a international solution to finance the support of the tool. In this case, an open source solution will be critical to ensure that the project will not be sink under a Vogon style administrative layer.
Re: (Score:2)
I was more thinking about something like the International Telecommunication Union allocating some financial support to the Linux Foundation core infrastructure initiative that already try to make a descent future for the NTP protocol.
Re:Simple (Score:5, Insightful)
BSD NTP client - 3K lines of code. Linux NTP client - 192K lines of code. Guess which has fewer bugs.
Re: (Score:2)
Re:Simple (Score:5, Informative)
I'm assuming the 'BSD NTP client' is OpenNTPd. The 'Linux NTP client' is NTPd that we all know and is not linux specific.
Primary differences between the two:
OpenNTPd just cares about getting the local clock close to the remote NTP's supplied time. Nothing more.
NTPd wants to get the local clock as closely as possible to actual time as well as disciplining the local timesource such that 1 second is accurately 1 second, while weeding out faulty or maliciously bad sources of time. It also can act as a server, or as a peer in a server group. It can also directly interact with multiple reference clocks.
In short, you're comparing a simple client that just looks at the time on the wall vs something that's trying to be accurate and can act as the server side of the equation.
Re:Simple (Score:4, Informative)
Re: (Score:3)
It can now keep your clock within 10 milliseconds between syncs. Still not as good as the official NTP.
Depends on your perspective.
To me it is: 10ms with the OpenNTPd vs seconds if not minutes with the official NTPd, which occasionally blankly starts logging some errors or warnings like "oops shit, not syncing anymore".
Official NTPd is capricious as hell. And the documentation is just horrible.
I generally replace it with OpenNTPd which "just works". Because, at the end of the day, I can live probably even with 25ms skew, but the seconds/minutes of official NTPd is just unacceptable.
Re: (Score:1)
Re: (Score:2)
Why do you think ntpd provides only seconds or minutes accuracy? This is certainly not true.
Oh, you probably haven't had the problem. But for some the problem is relatively commonplace: NTPd after some time starts refusing to sync time. And no matter what you do (restart HW, restart NTPd, sync manually, and restart again everything) that POS would still within hours again start refusing to sync the time.
And when the NTPd refuses to sync time, the skew easily rises into the minutes. On some buggy virtualizations - even more. (I have said hours - because some VMware versions/configurations I have
Re: (Score:2)
Active Peer 67.202.100.50
Delay 10.325ms
Offset 0.487ms
Jitter 0.326ms
The chrony web page has some nice comparisons (Score:3, Informative)
The Chrony comparison page compares ntpd, Chrony and OpenNTPd [tuxfamily.org]. Another yet to be finished alternative is ntimed [github.com] (which seems to currently be around 6000 LoC). On some Linux's if you don't care about accuracy or trying to weed out false time you can always use an client such as systemd-timedated [freedesktop.org].
Re: (Score:2)
I think you actually just made his point for him, but good job.
Re: (Score:3)
The very basic idea of the NTP protocol is to disseminate the time using a hierarchical layers of stratums: https://en.wikipedia.org/wiki/... [wikipedia.org]
So by design all nodes that are not a leaf need to be both client and server. This is common to all hierarchical protocols like for example DNS, and proved as an effective solution to reduce the bandwidth of the upper part of the hierarchy.
If you have a better idea, please publish an RFC for an more effective protocol.
Re: (Score:2)
There's yer problem. Using a server as a client is never a good idea.
Proof positive that God provides us with a never-ending supply of idiots.
Re: (Score:2)
I didn't know OpenNTP added server support recently, so new info for me today.
Re: (Score:1)
Hint: Is a mislabled SNTP client a NTP client? Is the full blown reference NTP server/client/kitchen sink a NTP client?
Re: (Score:1)
Re: (Score:1)
You can write a tiny daemon which just sends and receives NTP network packets, with just a few lines of code. If you're satisfied with the resulting accuracy of your system time then that's fine. This is called SNTP.
Re: (Score:3, Informative)
Well, for starters, its not always drop-in compatible with existing clients and servers in the wild, and it lacks the necessary precision for doing any sort of work that that requires sub-second synchronization accuracy.
Re:http://www.openntpd.org/ (Score:5, Insightful)
Re: (Score:1)
but sometimes that's still not enough, simply put
Re: (Score:2)
Unless you're working in specialized situations where microseconds are important, like multi-master distributed systems, I wouldn't worry about it.
Re: (Score:2)
As a matter of fact, I do work with multi-master distributed systems, so I do worry about it.
Re: IETF a more appropriate owner? (Score:1)
The IETF owns the standard but the implementations are independent of that.
Re: He uses Linux? (Score:1)
Kicks are for Trids!
Re: (Score:2)
Indeed. I first heard that joke at summer camp ca. 1972. It wasn't anti-Semetic then, and it isn't anti-Semetic now. Geeez.
Re:Most people who say (Score:4, Informative)
I don't keep up with Harlan's schedule these days, but I worked with him briefly back when he was at Netflix. At the time, he didn't strike me as much of a braggart or prone to exaggeration. And his work ethic was ... not high on work/life balance.
I wouldn't bet against him working that hard on NTP -- I've never before met anyone who loved a protocol as much as Harlan loves NTP :)
Re: (Score:2)
If he's actually working 100 hours per week for years at a time, he has NO life... period. You realize that's over 14 hours a day, seven days a week. Or if he wants one day off a week, that's well over 16 hours a day.
Really? Can someone actually work that much for over three years straight and not die or go insane? I suppose it's possible if you consider your work as both entertainment and social life as well.
Re: (Score:1)
Re: (Score:2)
Very very few people out there can work that hard. I certainly can't.
I'd bet that of the people you've ever heard of, a much higher proportion are out at the extreme end of work endurance compared to the average population.
Re: (Score:2)
What's rubbish is that you're projecting your own laziness onto others.
Re:Who needs NTP? (Score:4, Funny)
Everybody just needs to get their own atomic fountain and we're all good...
No, the drinks from those things go right through me...
Re: (Score:2)
Can someone explain this joke/meme/thing to me? I see it in pretty much every article.
Re: (Score:2)