
A rift in the NTP world - Tomte
https://lwn.net/SubscriberLink/713901/7bb511312e996566/
======
scandox
I see the strapline of NTPsec on Github is: "ntpsec/ntpsec: The NTP reference
implementation, refactored".

So is it or isn't it?

A few quotes from ESR from here
[http://esr.ibiblio.org/?p=6881](http://esr.ibiblio.org/?p=6881) Interesting

> tossing out as many superannuated features as I could

> full of port shims for big-iron Unixes from the Late Cretaceous

> I do have an advantage because I’m very bright and can hold more complex
> state in my head than most people [speaks to attitude :)]

> This differs dramatically from the traditional Unix policy of leaving all
> porting shims back to the year zero in place because you never know when
> somebody might want to build your code on some remnant dinosaur workstation
> or minicomputer from the 1980s.

> Yet another important thing to do on an expedition like this is to get
> permission – or give yourself permission, or fscking take permission – to
> remove obsolete features in order to reduce code volume, complexity, and
> attack surface.

> Then ntpdc was deprecated, but not removed – the NTP Classic team had
> developed a culture of never breaking backward compatibility with anything.

> I shot ntpdc through the head

I don't know the facts in the case at all, but I can imagine if you were the
existing maintainer, you'd find this language and attitude incredibly
difficult to take. And after all if you're not being paid to work on it, why
should you swallow your pride?

~~~
masklinn
> I see the strapline of NTPsec on Github is: "ntpsec/ntpsec: The NTP
> reference implementation, refactored".

> So is it or isn't it?

It's technically correct since they started from the reference implementation
then "refactored" it.

They're skirting real close to claiming they are the reference NTP
implementation but not quite doing that, just leaving the door open for
misunderstandings.

~~~
someguydave
The concept that your protocol is defined by a "reference implementation" and
not a well-written specification is moronic. Someone should be able to
articulate unambiguously (with words) what the NTP protocol is and what it
does.

~~~
unethical_ban
That's how the majority of software on the internet is written, including
Python and Ruby for much of their time.

~~~
gcp
Would people claim that Python and Ruby have "specifications", though?

~~~
steveklabnik
Ruby at least has an ISO standard; it's not exactly current with today's Ruby,
though.

------
xenophonf
From the article:

 _Most of them, [Sons] said, "are older than my father.... [and] are not
always up to date on the latest techniques and security issues." [...] Sons
suggested that they "should be retired."_

That is incredibly asinine and discriminatory to boot.

From the NTPsec project manager's comment:

 _The main point of contention that caused the fork was BitKeeper vs Git._

I can't believe that arguing over VC tooling is what caused the fork. Why not
just compromise on this, use BitKeeper for long enough to get on the
maintainer's good side, and helpfully offer to convert to Git later? This is
how ESR got GNU Emacs development migrated from Bazaar to Git, and it seemed
to have gone pretty well for all involved.

~~~
HedgeMage
That's simply not what I said; I was misquoted. Please watch the original
video.

[https://www.oreilly.com/ideas/the-internet-is-going-to-fall-down-if-i-dont-fix-this-susan-sons](https://www.oreilly.com/ideas/the-internet-is-going-to-fall-down-if-i-dont-fix-this-susan-sons?imm_mid=0eb1c1&cmp=em-webops-na-na-newsltr_security_20161129)

It's amazing* how many people here are willing to roast me over a third-hand
account of my opinions, when I've already offered to answer questions
directly.

* Not actually amazing, fairly typical of internet commentary, really.

~~~
areyousure
To save effort on finding the relevant segment of a 17+ minute interview, I
have attempted to transcribe a portion. See also
[https://www.oreilly.com/ideas/susan-sons-on-maintaining-and-securing-the-internets-infrastructure](https://www.oreilly.com/ideas/susan-sons-on-maintaining-and-securing-the-internets-infrastructure)
with some portions transcribed (inexactly); add ~20s to the times below to
match the podcast timing.

(5:26) [O'Reilly interviewer] Mac Slocum: Related question on this: how can
the Internet's infrastructure remain up to date and secure, particularly when
it's distributed like this?

(5:33) Susan Sons: So the really terrifying thing about infrastructure
software in particular is when you pay your ISP bill, that pays for all the
cabling that runs to your home or business. That pays for the people that work
at the ISP. That pays for their routing equipment and their power and their
billing systems and their marketing and all of these wonderful things. It
doesn't pay for the software that makes the Internet work. (5:54) That is
maintained almost entirely by volunteers. And those volunteers are aging.
[Um.] Most of them are older than my father. And [um,] we're not seeing a new
cadre of people stepping up and taking over their projects, (6:10) so what
we're seeing is ones and twos of volunteers who are hanging on and either
burning out while trying to do this in addition to a full-time job, or are
doing it instead of a full-time job, or should be retired, or are retired.
[Um.] And it's just not giving the care it needs. (6:27) And in addition to
this, these people aren't always up to date on the latest [um] techniques and
security concerns of the day. And the next generation isn't coming up. I
recently started a mentoring group called the #newguard that takes early and
mid-career technologists and we cross-mentor and then we match them up with
the old guard who are maintaining and who built this software to try to help
solve that problem. But in the meantime there's still not enough funding going
in this direction. And there's not enough churning happening. [Um.] And it's a
really tough thing because there's a certain amount of what I call "functional
arrogance" involved. [Um.] I don't have a certificate of "Susan is good enough
to save the Internet" anywhere. I don't know who hands those out.

(7:08) Slocum: Sure.

------
bla2
_Searching for additional funding, Stenn contacted the Internet Civil
Engineering Institute (ICEI) and began working with two of its
representatives, Eric S. Raymond and Susan Sons._

 _Stenn said in a phone interview, "Then all of a sudden I heard they have
this great plan to rescue NTP. I wasn't happy with their attitude and
approach, because there's a difference between rescuing and offering
assistance. [Their plan was] to rescue something, quote unquote, fix it up,
and turn it over to a maintenance team."_

 _Most of them, she said, "are older than my father.... [and] are not always
up to date on the latest techniques and security issues." Many are burning out
from trying to maintain critical code while working full time jobs, and Sons
suggested that they "should be retired."_

Wow. Keep away from the ICEI I suppose.

~~~
HedgeMage
I highly recommend that you watch my interview with Mac Slocum (video here:
[https://www.oreilly.com/ideas/the-internet-is-going-to-fall-down-if-i-dont-fix-this-susan-sons](https://www.oreilly.com/ideas/the-internet-is-going-to-fall-down-if-i-dont-fix-this-susan-sons?imm_mid=0eb1c1&cmp=em-webops-na-na-newsltr_security_20161129)
) to find out what I actually said, rather than listen to a reporter saying
what someone else said I said. I was misquoted.

------
gbrown_
> Several years ago, the project's inadequate funding became known in the media
> and Stenn received partial funding from the Linux Foundation's Core
> Infrastructure Initiative, which was started after the discovery of how the
> minimal resources of the OpenSSL project left systems vulnerable to the
> Heartbleed vulnerability.

No no no no. Yes more funding and resources are good for these things but
Heartbleed did not come about because of that. It came about due to broken
development practices and the developers focusing on adding more features
rather than working through the issues people had reported in their bug
tracker.

The work done in NTPsec echoes this in what seems to be a repeat of OpenSSL/
LibreSSL with NTP/ NTPsec.

Yes forking is the "easy way out" in these circumstances and it's a shame to
see efforts split in such projects but in reality it's often what's needed to
get things moving in the right direction.

~~~
HedgeMage
This is pretty much what happened. We spent a few months working with Mr.
Stenn, and ultimately he did not agree to pursue strategies to correct the
underlying problems that caused NTP's security and stability issues. Simply
patching known vulns and moving on would have been a temporary solution: more
vulns were lurking. NTPSec was born to give the code base another chance, to
evolve with a different strategy. In the end, I tend to feel that this is a
strength of OSS: different groups are free to do things different ways, and if
people are paying attention, software quality should win out.

Since Eric and the rest of my team started working on the NTP code base in
early 2015, we've eliminated over 50% of its vulnerabilities _before they were
disclosed_ simply by applying good software engineering practice where it
hadn't been. In the year before my O'Reilly presentation, it was more like 80
or 85 percent. Everything we hadn't eliminated by disclosure or discovery time
was fixed promptly.

There are other NTP protocol implementations besides NTP classic or NTPSec
that are worth considering for some users. However, we felt that refactoring
the reference implementation was necessary due to its use in many less-
mainstream, but often highly-critical (in a life-critical or economically-
critical or critical-to-scientific-research sense) applications. The non-NTP-
related implementations don't always do what high speed trading houses need,
or scientific installations built on aging but extremely precise equipment
need, or controls system interfaces need, and on and on and on. We just didn't
have a drop-in replacement available for all of the things that weren't web
servers, workstations, and other commodity applications.

The "rift" article is now subscriber-only, so I can't respond there to its
many inaccuracies (I was passed a PDF by someone who cached it, this is the
only way I was able to read it). I was never contacted about it by the author,
and I don't feel it was a fair treatment of the subject. That's okay. I
learned a long time ago that fixing a mess will make some people thank you and
some people angry with you. It wouldn't have become a mess by the time I found
it if there weren't a cost to fixing it. People who fear controversy will have
a hard time making a difference in the world.

I'm at work, but I'll do my best to answer any questions fired at me today on
this thread. If there's something you want to know, ask!

~~~
tptacek
NTPsec advocates keep saying "eliminated 50% of vulnerabilities <<<before they
were disclosed>>>", as if there were another meaningful way to eliminate
vulnerabilities from a codebase.

Can you provide a breakdown of the vulnerabilities NTPsec HAS and HAS NOT been
vulnerable to, along with their severity (low: degrades time service, medium:
provides a practical vector for corrupting integrity of time service, high:
compromises integrity of the server itself) and whether they're exposed (a) in
the default configuration, (b) in a configuration run widely on the Internet,
or (c) in no configuration actually known to the project maintainers?

You clearly have the list somewhere, because everyone involved in the project
has this statistic ready to quote.

If you don't have the severity and exposure breakdowns, that's OK. Post the
list anyways. Maybe it'll be obvious what the severity and exposure is.

This business of counting vulnerabilities and claiming victories has been a
problem for software security for two decades now. Ops people don't care about
the vulnerability count, if the vulnerabilities left exposed in the codebase
are the ones that get their servers popped.

~~~
HedgeMage
I'm sorry if I wasn't clear, I meant "before they were disclosed to NTP
classic or NTPSec". In other words, by simply improving on the software
engineering practice, we eliminated classes of vulnerabilities without having
to track them down individually. This is pretty common with ailing code bases,
though often overlooked. I'm at work right now, so I don't have a
comprehensive list handy. Going through NTP classic vulns and seeing how many
never impacted NTPsec would recreate such a list.

The severity varies (many weren't that big, some were)... the point of
claiming the victory is to demonstrate that I'm not just having a fuss about
testing code, using static analysis tools, using an accessible code
repository, refactoring for lower attack surface and better separation of
concerns because they are beautiful in abstract. I like results. NTPSec, and
before it the temporary "rescue" team _, have been slowly chipping away at the
big picture mess, making the code safer and more maintainable, because it's
likely to remain in service for another decade or two.

Every time 14 vulns are disclosed and we are already immune to half of them,
we get to put twice the effort on the half we do need to deal with, if even we
need that much. We aren't just firefighting, NTPSec can develop proactively.
That means something for our users.

_ lots of personnel overlap here...the main difference being pre- and post-
fork and where the funding came from, probably not interesting to most people.

~~~
tptacek
No, I understood your meaning. I'm saying: that's what every code refactoring
does. I'm saying that since you can't claim credit for eliminating
vulnerabilities that are already disclosed, the emphasis you place on
precluding vulnerabilities is strange.

Can you provide that list of vulnerabilities now? You're obviously keeping
track of them, that being part of the premise of the project. I know you don't
have them broken down, but we can help with that.

~~~
tptacek
How about this: before I put the effort in to generating the list myself, can
you at least promise to confirm that I have the complete and accurate list once
I do, and to fill in any gaps?

------
itp
ESR seems to have a long track record of being involved in these types of
events. There are obviously a number of possible conclusions to draw:

- ESR is so productive and involved in so many things that this is actually a normal drama ratio
- ESR only involves himself in critical issues with high potential for drama
- ESR brings the drama

I can't rule out either of the first two, but years of data points lead me to
believe it's the third.

~~~
linuxkerneldev
I agree that it is very likely to be the third. Just have a read of some of
ESR's articles. Eg:

[http://esr.ibiblio.org/?p=129](http://esr.ibiblio.org/?p=129)

" American blacks average a standard deviation lower in IQ than American
whites at about 85. And it gets worse: the average IQ of African blacks is
lower still, not far above what is considered the threshold of mental
retardation in the U.S. And yes, it’s genetic; g seems to be about 85%
heritable, and recent studies of effects like regression towards the mean
suggest strongly that most of the heritability is DNA rather than nurturance
effects. "

ESR's famous melodramatic response to having his CML2 ("Eric's configuration
markup language for kernel building") patch rejected by Linus is also quite
telling about his self-perception and his perception of other people and his
interaction with anyone who would have an opposing viewpoint to his.

~~~
thehardsphere
How does the quote show that he "brings the drama"? I mean, that's on his own
blog. It's not like he's exporting that. It's not like he's going up to black
people and saying "you're almost retarded."

I think the CML incident and the time where he yelled at some Debian developer
about "our tribe" are better examples, because at least there he's going into
other people's spaces and actually confronting them.

~~~
mrchicity
Because what good can come from discussing that topic? The only reasons to
broach it are to a.) troll and/or b.) agitate for some horrific policy
proposals.

He's not an academic researcher. Don't you think it's odd for some old white
guy to get worked up over minority test scores? Why write about this rather
than basically anything else? Either he's a troll or profoundly unaware about
how bringing this line of argument up may make people feel threatened. There
are a lot of things that simply don't need to be discussed. It's like
graphically describing your partner's episiotomy over dinner. Some things just
inspire a visceral reaction.

~~~
thehardsphere
It's odd, sure, but it's his blog. People blog about whatever they're
interested in. He could have all kinds of reasons for being interested in that
which aren't trolling or policy.

Here's an unflattering guess why he might be interested in this: he has
cerebral palsy. Despite that, he still is a fairly smart (even if crazy and/or
racist) guy. He might be extremely interested in differences in human
intelligence for that reason. To figure out why he still has above average
intelligence while most other people with his birth defect don't. That could
explain a lot of his crazy beliefs and his narcissistic "I'm a super unix
hacker" routine.

Why does he have to be an "academic researcher" to have opinions about race
that he wants to talk about on his blog? Or for that matter, any topic? Do you
have an anthropology degree to assert your opinion that his blog may make
people feel threatened, or are you just another guy on the internet with an
opinion?

------
kyledrake
If you're looking for a simple security-oriented ntpd, I can't recommend
OpenNTPd enough. It's cross platform and available for most Linux distros in
packages.

[http://www.openntpd.org](http://www.openntpd.org)

I have a much higher trust level for OpenBSD on security issues than I do with
either of these projects.

~~~
ars
Just remember not to use OpenBSD or OpenNTPD for time servers, they can only be
used as clients.

(This is because neither supports leap seconds, so using them as servers will
cause clients to desynchronize. Their belief that we don't need leap seconds
is quite irrelevant: Right now we have them.)

~~~
iso-8859-1
What do you mean when you say "we have them"? Because they are in UTC?

RFC5905 (NTP 4) notes:

> The goal of the NTP algorithms is to minimize
> both the time difference and frequency difference between UTC and the
> system clock.  When these differences have been reduced below nominal
> tolerances, the system clock is said to be synchronized to UTC.

Since nominal tolerances are not defined in the standard, a server would still
be NTP conforming if it smeared the leap second.

~~~
ars
> What do you mean when you say "we have them"? Because they are in UTC?

They are part of the time standard used by the entire world. BSD doesn't like
them, fine, but pretending (in their code) that they don't exist is not the
correct approach.

It works more or less fine for clients, but not for servers.

> a server would still be NTP conforming if it smeared the leap second

Not really. Consider the situation if a client is speaking to multiple
servers, some normal servers, some buggy BSD servers.

Consider a client that manages to do a mixture of correctly applying a leap
second, while also doing time smearing because an upstream source is doing
time smearing.

BSD is simply doing the wrong thing here. (My understanding is that BSD time
servers are not permitted in the ntp pool because of the problems they cause.)

~~~
floatboth
Of course you shouldn't mix servers that handle and ignore the leap second in
one pool, so OpenNTPD servers aren't accepted in the ntp.org pool. Doesn't
mean you can't run OpenNTPD as an internal server for your machines :)

[http://marc.info/?l=openbsd-misc&m=143544318718489&w=2](http://marc.info/?l=openbsd-misc&m=143544318718489&w=2)

------
okket
And the winner of the battle between NTP (classic) and NTPsec is... chrony

[https://chrony.tuxfamily.org/comparison.html](https://chrony.tuxfamily.org/comparison.html)

~~~
xenophonf
There's lots of good things chrony does that NTP doesn't and vice versa, but
since chrony doesn't support Windows (roughly a third of the server market), I
wouldn't claim that it's the clear winner.

~~~
curun1r
Doesn't Microsoft have their own NTP implementations for use in the Windows
world? IIRC, it's called Windows Time Service and it's included with Active
Directory.

At a previous job, we pointed our in-office linux dev systems at our Windows
domain controller and never had any issues with time synchronization. Since
this was back in this embrace-and-extend days, I was pleasantly surprised by
how interoperable MS was when it came to NTP.

~~~
xenophonf
I support scientific computing, so depending on the application I will replace
w32time with ntpd, which offers better accuracy and built-in support for
reference clocks.

That said, I didn't realize that the w32time service got a _lot_ better in
Windows Server 2016:

[https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-2016-accurate-time](https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-ds/get-started/windows-time-service/windows-2016-accurate-time)

It looks like Microsoft added support for NTPv4, and w32time now boasts 1-ms
accuracy, which is at least a factor of 10 better than the previous Windows
Server release.

------
mdekkers
_[...]began working with two of its representatives, Eric S. Raymond[...]_

Usually signals the start of much drama.

------
xorcist
The presentation mentioned was where I learned of the project. It sounded very
very strange to me. Script kiddies who don't know what NTP does, only that
it's good for DDoSing? What was that about..?

I wasn't surprised to learn that the project one year later was caught up
evaluating Rust vs Go. That's great and all, but it's not saving the Internet
from "meltdown".

Anyone who needs a modern ntpd and doesn't need the refclock stuff should
probably just go with chrony.

~~~
problems
> Script kiddies who don't know what NTP does, only that it's good for
> DDoSing? What was that about..?

There were several large reflection issues in ntpd in the past few years which
led it to become a popular DDoS method. Reflection is the big winner lately.

No need for a botnet, just scan UDP services, find ones which reply with large
packets or a series of packets and then spoof your IP (easy from many VPS and
dedicated server providers) and flood out requests for those large packets.

You can get amplification of 100x as much traffic with only a small request
and it's quite challenging to trace back to the original source due to the
spoofed packets.

~~~
feld
I'll bite. Which large VPS / dedicated server providers don't implement BCP38?

~~~
problems
I'd rather not name and shame, but suffice to say a quick test with hping
shows this is currently working on a number of my servers, some on larger,
some on smaller providers. And all it takes is 1.

You definitely have to hunt around if this is something you want and the
number does seem smaller than I remember it being so many more are probably
implementing it since I last checked, but still not all.

------
gpvos
What's the status of phk's ntimed? The planned release dates on
[http://nwtime.org/projects/ntimed/](http://nwtime.org/projects/ntimed/) were
quietly shifted from 2016 to 2017 a few weeks ago, and I'm not seeing much
happening at [http://phk.freebsd.dk/time/](http://phk.freebsd.dk/time/) .

~~~
acqq
I expected it would be like that, as I've read what PHK wrote about it.

Whoever comes to some big project sees only the small part of it that he
immediately understands, and it appears to him as if he can do it "much simpler."
Yes he can, if he just does that small part. The problem is, the big projects
actually do more. If you don't need the big project, you can use the small
simple project too. Everybody has fun making something small. Maintaining
something big -- that's the hard part, and we see from the article we comment
on, it's again what the "saviors" want to avoid:

"[Their plan was] to rescue something, quote unquote, fix it up, and turn it
over to a maintenance team."

~~~
scj
From what I understand of ESR's claims, much of the removed functionality is
support for older platforms. Unlike NTP Classic, he asserts POSIX and C99.
Apparently, this has drastically reduced complexity/size.

Of course, I haven't worked on the NTP code. But given the described
circumstances, I'm willing to entertain the argument that older features now
cost more to maintain than they are worth.

~~~
acqq
Sorry, you fully missed the topic here. There was another "liberator" who did
his own, "NTP (minus most of it) from scratch" effort -- PHK, not ESR. See
the posts in the thread please, specifically, the one by gpvos for the link.

The problem is, none of these "liberators" actually improves NTP, and none can
(by default from their goals) provide a "better" NTP but only a small subset,
typically even less tested. And everybody of those gets some funding and a lot
of the attention, instead of the real maintainers of the darned NTP.

Doing big, widely present and very compatible and long-lived projects is hard.
Very hard. And the maintainers should be helped, not blamed.

~~~
oblio
As an outside observer - and ignoring the whole drama aspect of ESR - you say
"very compatible".

Does "very compatible" mean "wider compatibility than POSIX and C99"? If so,
that's a very ambitious goal, but is it worth it in this age?

~~~
acqq
It's very clear that I don't consider as a positive contribution anybody not
willing to commit to the support of the big project but who promotes his
quasi-solution as discarding the existing feature set and the existing
compatibility and then running away.

If somebody complains "the source is not up to the current security standards"
that doesn't mean that anything has to be discarded to work towards that goal.

And if somebody wants to make the source compiling _only_ with the most recent
compilers and only for the small subset of the previous platforms he obviously
has another agenda than improving the security, or actually helping the
project. It's just enforcing his taste to the people who never asked for that.

For my personal experience, at my previous work I was able to "just use" NTP,
and I know that on these platforms I still can't use any of the alternatives.
I admit I surely have another perspective than the average Linux user who
doesn't really care what keeps his time in sync as long as it "looks right."

~~~
rbanffy
Sometimes dropping older platforms is a sane approach. In this case, however,
I would expect even MIPS R4000 running IRIX and PPC 603 AIX boxes to still be
able to keep their internal clocks in sync the same way my Xeon machines do.

~~~
acqq
Also worth considering "NTPsec has removed lots of stuff that has zero
reported bugs in them, like sntp, the ntpsnmd code, and various refclocks."

And reading this comment:

[https://lwn.net/Articles/714279/](https://lwn.net/Articles/714279/)

"in general all the other NTP implementations likewise lack broad support for
all the various reference clock hardware and drivers. This is why ntpd is
still used so heavily as stratum 1 servers."

And, additionally.. are the servers running Windows a small and obscure base?

------
deelowe
Ugh. Why can't people just act civilized to each other? I can't believe this
type of empire building goes on even for projects as altruistic as NTP.

~~~
adekok
There are a large percentage of people for whom power games are more important
than getting things done. See narcissism, cluster B, etc.

Those people are toxic, and removing them from your community makes everything
better. If you can't do that, ensure that the only topics of discussion are
reality based, and focussed on getting things done.

I'm not saying the people here meet those criteria. But it does answer your
question.

------
derekp7
I wonder how much the funding of NTPsec plays into this story? Funding is tied
to the need for a project. If a project can claim an exaggerated need, then
they can get more funding. So you end up with a conflict of interest when you
hear one side's version of reality.

------
gumby
Par for the course for Raymond: make a big noise, little motion, claim credit.

Stenn just gets things done.

disclaimer: have known Stenn since the 90s, Raymond casually since the 80s.

------
someguydave
Why not get rid of NTP altogether? For servers, they ought to be able to
accept a hardware time and frequency inputs. Typically this would mean a 1
Pulse-Per-Second (PPS) signal and a 10 MHz signal. You might also want some
kind of serial signal that describes the date and time to label the last
second pulse.

Why don't any professional servers come with this kind of connection built-in?
Why can't I synchronize my Xeon chip's clock to my own reference frequency?

~~~
xenophonf
1-second-per-second is a difficult engineering challenge:

[https://rachelbythebay.com/w/2014/06/14/time/](https://rachelbythebay.com/w/2014/06/14/time/)
(associated HN discussion -
[https://news.ycombinator.com/item?id=8066915](https://news.ycombinator.com/item?id=8066915))

Here's a choice quote from the NTP FAQ ([http://www.ntp.org/ntpfaq/NTP-s-sw-clocks-quality.htm](http://www.ntp.org/ntpfaq/NTP-s-sw-clocks-quality.htm)):

 _Unfortunately all the common clock hardware is not very accurate. This is
simply because the frequency that makes time increase is never exactly right.
Even an error of only 0.001% would make a clock be off by almost one second
per day. This is also a reason why discussing clock problems uses very fine
measures: One PPM (Part Per Million) is 0.0001% (1E-6)._

And if you want to delve into the physics, you'll enjoy this tutorial by John
Vig (U.S. Army Communications-Electronics Command):

[http://www.am1.us/Local_Papers/U11625%20VIG-TUTORIAL.pdf](http://www.am1.us/Local_Papers/U11625%20VIG-TUTORIAL.pdf)

~~~
someguydave
That might have been true a while ago, but today you can get GPS-disciplined
oscillators that can produce 1 PPS accurate down to tens of nanoseconds. By
accurate, I mean "replicates what the NIST or USNO atomic clocks indicate."

------
notacoward
I read through some of the blog posts related to language choice for NTPSec
(helpfully provided in LWN comments).

[https://blog.ntpsec.org/](https://blog.ntpsec.org/)

I can't help but wonder if there are other options, most notably C++. Don't
get me wrong, I have a well developed loathing of C++ based on past
experience, but it seems like a category fit and people I respect have said
good things about the latest versions. Nim would also seem like a pretty good
fit technically, though I could well understand if its relative immaturity and
lack of developers (another recent story here on HN) cause it to be deemed
inappropriate for this situation.

------
mcguire
" _[Sons] has since become president of ICEI; she described herself in the
presentation as having "moved on" and is no longer involved with NTPsec on a
daily basis._"

" _Already, where once only Stenn was looking for support, now Raymond is in a
somewhat similar position, as NTPsec has lost its Core Infrastructure
Initiative funding as of September 2016._ "

So, a drive-by fork.

BTW, has anyone used any project that ESR is heavily involved in? The only
things I know about are NTPsec, fetchmail and his attempt to hack the Linux
kernel build system.

~~~
jlgaddis
According to ESR, if you use a mobile phone, you're using his code (I assume
this to refer to gpsd).

~~~
mcguire
" _GPSD is everywhere in mobile embedded systems. It underlies the map service
on Android_ [4.0 and after?] _phones. It's ubiquitous in drones, robot
submarines, and driverless cars. It's increasingly common in recent
generations of manned aircraft, marine navigation systems, and military
vehicles._"

Interesting, thanks.

------
throw7
why was the buildsystem changed to waf? ugghh. ntpsec wants to lower barriers
to entry just use/update autotools.

~~~
zeveb
I have no experience with waf, but I have some with autotools, and 'barrier to
entry' is a good description of autotools. Also 'barrier to progress,'
'barrier to happiness' and 'barrier to sanity.'

~~~
makomk
CMake is the usual choice of developers who don't want to deal with autotools
these days. Making people learn yet another build system is not going to be
popular.

