The reference implementation, while historically important, has largely been displaced by more secure/performant implementations (ntpsec, chrony), or by in-house implementations (Amazon, Google).
Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.
> Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.
It should be noted that there currently exists no standard, technical or statutory, for how to do leap smearing. If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.
Though the flag simply says that the timescale is smeared and not (AFAICT) how it is being done.
See also perhaps RFC 8633 § 2.7.1:
[…]
Operators who have legal obligations or other strong requirements to
be synchronized with UTC or civil time SHOULD NOT use leap smearing
because the distributed time cannot be guaranteed to be traceable to
UTC during the smear interval.
[…]
Any use of leap-smearing servers should be limited to within a
single, well-controlled environment. Leap smearing MUST NOT be used
for public-facing NTP servers, as they will disagree with non-
smearing servers (as well as UTC) during the leap smear interval, and
there is no standardized way for a client to detect that a server is
using leap smearing. However, be aware that some public-facing
servers may be configured this way in spite of this guidance.
>If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.
TAI (Temps Atomique International), is UTC without leap seconds and is the source of truth for "what time is it"
I'm finding conflicting reports of being able to actually use TAI on linux but there are several claims of at least specialty setups existing. You would absolutely not want smearing or anything like that in your time synchronization software in this case.
Kind of. If you “absolutely must” have monotonic time, though, and also care about NTP, then just pointing to TAI (in DJB’s naïve definition) or GPS time is not enough. You need to make decisions on whether you, for example, would prefer your imprecise seconds to be more even individually or for the aggregate count to be more accurate (NTP of course gets you the latter by default). Dear Sir[1], you have done metrology.
I really just want the software time to be as good as the underlying hardware clock...
...rather than setting a rather awful minimum performance spec of 10ppm smearing over a leap second day.
Three lies:
Universal - multiple smear implementations, linear vs cosine off the top of my head.
Coordinated - whose in charge here? Google? Facebook?
Time - doesn't even try for 1s/s
UTC is, for all intents and purposes, yet another human readable time zone. And should be treated as such. The underlying hardware problems I have and understand. Don't need the software making it worse.
The major Linux distributions replaced ntp with ntpsec. A better question would be who is still running ntp. I know about FreeBSD and NetBSD.
ntpsec as a project seems to be doing ok. They are releasing new versions, fix reported issues, accept patches, and develop the code publicly. While ntp still has a huge list of acknowledged but unfixed CVEs.
Current Debian, Ubuntu, Fedora, RHEL/CentOS (EPEL) have an ntpsec package, but no ntp package. It's not used by default (that's chrony on most of the distributions), but the users can install it and use it.
It's not the issue of using the project, to my mind.
It is not even his beliefs, though many of them are — to my ears and hopefully to most — quite repugnant.
It is his attitude, approach, and at various times the kinds of people he attracts.
As it goes, I've seen him speak, back in the 90s, CatB era. He was genial enough but he seemed to have a coterie around him of rather less pleasant people. It could just have been a bad day but it has stuck in my mind ever since: it was the first time I understood that there's not really any sort of inclsive geek community.
Accurate timekeeping is critical infrastructure. So much so, that the US government operates many radio stations whose sole purpose is to provide current time announcements, reference clocks, and other timekeeping-related information. See [0].
Relatedly: surely you're not of the opinion that the various GPS constellations are not critical infrastructure?
I figured they would be funded by NIST, but the way the US government has been pulling back funding for everything, it didn't surprise me that they need money. Much like Jimmy Wales, I bet if everyone donated 5 bucks they'd be in a much better spot.
The big companies have their own NTP pools and even implementations.
You can use the public Google or AWS pools if you want. Note that they have their own software, too, so be sure you understand the differences like leap smearing.
Blocking FAANG IPs from the NTP Foundation’s pools wouldn’t hurt FAANG at all. It would only hurt people who weren’t aware and used the NTP Foundation’s pool for things.
Not really. The biggest drain on resources historically has come from things like routers that have fixed NTP servers hardcoded in the firmware and every customer ends up using just that one without even knowing they're contributing to the problem. They also can't be blocked as the requests could come from anywhere.
It's telling that we can appropriate millions of dollars to transport a decommissioned shuttle from a museum in Virginia to Texas, but NASA can't pitch in the cost of one tank of diesel to the people maintaining what this article claims to be a mission-critical tool?
> The NTP Project conducts Research and Development in NTP, a protocol designed to synchronize the clocks of computers over a network to a common timebase.
Research is put front and centre in their pitch for funding.
This is probably research into protocol for time sync. Which works well for some scenarios, but not yet for others and can improve the reference implementation (I guess; I have no hard knowledge there).
And given that ntp.org runs servers that so many organizations use they should be near the top of the funding queue for any NTP research. My 2c.
Don’t think you deserve these downvotes. That was my reaction too. Perhaps they’re coming from people who believe that the money is to support running of time servers (which, to be fair, “Please donate to keep the Network Time Protocol up” certainly implies…)
I too would be interested in knowing what the Network Time Foundation is researching, and I think conversation about that is appropriate here. NTP certainly _seems_ like it’s been ‘good enough’ for decades to an uninformed observer, and discussing if and why it’s not would be interesting (and perhaps motivate donations!)
But..it's $1k. This is basically pocket change on an institutional level. I've been part of some very scrappy and poorly funded community organizations and even they took in more than $1k every year. Even if you don't believe NTP maintainers should be paid anything for their work (an opinion I don't hold), it's trivial to spend this amount on modest everyday expenses like renting a venue a couple of times, buying insurance, and paying for hosting and technical resources.
It looks like they took in more than $200k and spent $100k on "contract services" (I can't tell what that means) and somewhat modest amounts on other things. Unfortunately I need to exit the rabbit hole now.
It seems a big waste of effort to maintain -say- a damnable Trello board with upcoming priorities and roadmaps <strike>and Kickstarter stretch goals</strike> when their bug tracker and mailing list are visible to the public. (Though, it seems that they've recently put the list behind some broken moderation software, so you have to go to -say- the IETF's archive of the thing to read it. "AI" crawlers ruin everything.)
EDIT: Do note that that tax return you found is for the Network Time Foundation, not the NTP Project. I don't know if the two are separate entities for tax purposes, but do note that the NTF supports several projects, of which the NTP Project is one. The NTP Project is just for NTP.
It doesn't explain why they need the money "we need the money to continue doing what we are doing" means nothing unless they also explain what they are doing and why it matters.
Thankfully, that's also on the front page:
What they are doing:
> The NTP Project produces an open source Reference Implementation of the NTP standard, maintains the implementation Documentation, and develops the protocol and algorithmic standard that is used to communicate time between systems
And why it matters:
> NTP is what ensures the reliability of billions of devices around the world, under the sea, and even in space
Now, it doesn't explain why a reference implementation is a good thing, but I think that at this point, you have a good enough idea to decide if you want to donate or not.
Edit: However, $1000 seems too low to matter. It may not even pay for the expense of the fundraising itself. I think it is more of an awareness campaign: "look at the protocol we all use, you would think we are talking many millions of dollars, but the truth is, you are off by orders of magnitude"
