
Chrony: Comparison of NTP implementations - daenney
https://chrony.tuxfamily.org/comparison.html
======
bazzargh
Every time ntp comes up I wonder what happened to ntimed.
[https://nwtime.org/projects/ntimed/](https://nwtime.org/projects/ntimed/)

...latest on it appears to be that Poul-Henning Kamp is building a house and
that's taken up the time that was devoted to it, for now
[https://twitter.com/bsdphk/status/886166233783119873](https://twitter.com/bsdphk/status/886166233783119873)

(the Network Time Foundation were funding 1 day a week of his time, but that
was just weekend work, he's a busy guy)

~~~
stock_toaster

> the Network Time Foundation were funding 1 day a week of
> his time, but that was just weekend work, he's a busy guy

I guess he just doesn't have the... time.

------
nullc
> Reference clocks

Just saying "Yes" here is highly misleading. NTP supports dozens of reference
clocks, including the protocols of many precision timing receivers. Last I
looked chrony supported only a single kind of reference clock.

~~~
mlichvar
> Just saying "Yes" here is highly misleading.

FWIW, the page also compares the number of reference clock drivers. chrony
does not have any HW-specific drivers, but there is an interface which other
programs can use to provide the timing data. The most commonly used reference
clocks these days are GPS receivers, which are well supported by gpsd.

------
pedrocr
chrony seems great from this comparison and I remember using it in the past
and being pleasantly surprised at how good it was with laptops. These tests
show the same. Anyone know why it hasn't become the default on Linux?

~~~
craftyguy
chrony seems great because this comparison is on the chrony website.

~~~
daenney
Then prove them wrong instead. Just because it's on their website doesn't mean
it's misleading or incorrect.

~~~
moomin
Sorry, but this is just flabby thinking. We know it takes 10 times as long to
refute bullshit as to create it. No-one needs to spend their lives proving
wrong every slated comparison on every website.

~~~
pedrocr
On the other hand, just calling bullshit because an open source project did a
comparison page is a bit much. The incentive to lie isn't particularly high
and doing a good comparison has the utility of letting you know what you still
need to work on. So unless you have at least one example of how the page is
wrong just calling bullshit by default seems uncalled for.

------
corv
I can't speak for chrony but considering the amount of security issues with
ntpd I would much rather run openntpd.

~~~
xorcist
They don't do the same thing. At least last time I looked at it, openntpd was
more like an SNTP client than an NTP client.

That means it's more suitable for following a reference clock, not keeping a
number of machines in sync with each other and the rest of the world. Unless
they have implemented more of the protocol now. This has security implications
of its own.

~~~
marios
I'm running OpenNTPD on all my devices (laptops, servers, VMs) and as far as I
can tell they are in sync. Both amongst themselves, as well as with other
devices that are running other NTP implementations.

I've heard other people claiming that OpenNTPD is not accurate enough and what
not, but my anecdata says it performs well enough. Do you happen to have any
specific gripes with it? Is it the timekeeping algorithm that is lacking?

Sibling comment mentioned leap seconds, and that's unlikely to change. AFAIK,
for 'proper' leap second support, the daemon must support it (to parse the
announcement from the upstream NTP) as well as the OS. Gathering from what I've
read on OpenBSD's mailing lists, leap second support in the kernel is not a
priority -- to say the least. Seeing the fallout on other OSes, I'd say it's a
sound decision. On a similar note, Google introduced leap smearing to _not_
deal with introducing leap seconds across all of its servers[1]. Several
other actors, such as Amazon[2] and Akamai followed suit.

[1] [https://googleblog.blogspot.fr/2011/09/time-technology-and-l...](https://googleblog.blogspot.fr/2011/09/time-technology-and-leaping-seconds.html)
[2] [https://aws.amazon.com/blogs/aws/look-before-you-leap-the-co...](https://aws.amazon.com/blogs/aws/look-before-you-leap-the-coming-leap-second-and-aws/)
[3] [https://blogs.akamai.com/2016/11/planning-for-the-end-of-201...](https://blogs.akamai.com/2016/11/planning-for-the-end-of-2016-a-leap-second-and-the-end-of-support-for-sha-1-tls-certificates.html)

~~~
burntrelish1273
IIRC (possibly outdated info) OpenNTPd lacked support for Linux and other
platform PLL syscalls, just used the standard (and less precise) adjtime
syscall.

------
burntrelish1273
If chrony had an MIT license, it would have the potential to be more awesome. ntpd's
configuration is its attack and misconfiguration surface. There's no one
"perfect" ntp client/server, they have their strengths and weaknesses.

------
mschuster91
I miss systemd-timesyncd in that list... is it actually the default on modern
Linux distros?

~~~
killercup
From [https://wiki.archlinux.org/index.php/systemd-timesyncd](https://wiki.archlinux.org/index.php/systemd-timesyncd):

> In contrast to NTP implementations such as chrony or the NTP reference
> server [systemd-timesyncd] only implements a client side, and does not
> bother with the full NTP complexity, focusing only on querying time from one
> remote server and synchronizing the local clock to it.

~~~
h1d
How do any average users and admins want an NTP server feature on their
machine?

It just sounds like running a more complicated (meaning, more attack vectors)
software for no reason.

~~~
dozzie
Reference NTP server is less complicated than entangled steaming pile of
"let's not" that is systemd. I trust the reference implementation more than I
trust the team behind systemd with regard to network communication.

~~~
moe
Why is this getting downvoted?

systemd has a _horrible_ security track record and should not be allowed on
any server that is connected to the internet.

The last remote-root exploit from 2 months ago:
[https://www.theregister.co.uk/2017/06/29/systemd_pwned_by_dn...](https://www.theregister.co.uk/2017/06/29/systemd_pwned_by_dns_query/)

The major distros _urgently_ need to get rid of systemd and return to proven,
modular init systems.

systemd was the biggest single mistake in UNIX history.

~~~
rnhmjoj
I hate the binary logs of journald, the unnecessary complexity of stuff like
systemd-hostnamed, dbus and the ignore-invalid-options policy but the init
system is actually very good.

I don't want to return to a pile of bash scripts with `sleep n` to get the system
to boot, even if it's a proven method.

~~~
moe
Many other dependency/supervisor driven init systems exist (upstart, minit,
daemontools, etc.). Upstart even was the Ubuntu default for a while.

One of them should be adopted and fleshed out before systemd causes even more
damage.

~~~
ty_a
There should be competition but no one is willing to step up to the plate.
That's the real issue.

~~~
dozzie
That's false. There are several daemon managers designed to run as PID 1,
starting with upstart the parent mentioned and you silently dismissed. The
problem lies elsewhere.

------
DamonHD
Very interesting to see. I'm a big fan of (X)NTP and introduced it to several
clients many moons ago, and still have code lurking in it AFAIK. But I was not
happy with the maintainers seeming to lose whole versions of (my) code and
have not run a real local ticker for a while. I still have plenty of users of
ntp.exnet.com anyway!

------
ece
I've used htpdate for the times ntp has been blocked by firewalls. It's worked
fine for me without hiccups.

------
Mojah
This link resurfaced again after getting a mention in cron.weekly issue #99;
[https://www.cronweekly.com/issue-99/](https://www.cronweekly.com/issue-99/)

Gotta say, I'm happy about that, as I wrote the newsletter :-D

------
jpfr
Just for completeness, how would ntpsec fare in this comparison?

I know ntpsec is a somewhat questionable fork. But the refactoring work itself
can't be all bad...

~~~
dfc
As far as that page is concerned ntpsec is just ntp with fewer features.

------
cwmma
It took an embarrassingly long amount of time for me to notice this was on
the chrony website. Might be better described as 'things chrony has, its
competitors don't have and may or may not be important.'

------
Filligree
This managed to put most of its content off-screen on Android, without letting
me resize the viewport at all. Completely unreadable.

I miss the days when people would use tables and minimal or no css.

~~~
marcosdumay
In those days sites would come with a "best viewed in IE at 800x600" disclaimer
because they would be completely unusable in any other configuration.

Maybe you miss the days of simple text as HTML. That one did work everywhere.

------
Mizza
Seems like a great candidate for a Rust implementation, but I can't seem to
find one yet..

~~~
marcosdumay
Tread carefully, because most NTP vulnerabilities are protocol misuse, not
badly written servers. Thus Rust won't protect against them.

