Cloudflare Time Services (cloudflare.com)
124 points by mahnouel on June 21, 2019 | 64 comments


It seems to me that CloudFlare should just sponsor servers for inclusion in the long-standing global NTP pools.

https://www.ntppool.org/en/


pool.ntp.org is an open source project (under Apache License) with an open group of contributors (volunteers). Basically the opposite of what Cloudflare is and stands for.

Sponsoring servers in pool.ntp.org wouldn't support Cloudflare's goal(s).


I don't think they were implying it would support Cloudflare's goals, but it would be nice to see big companies helping to fund public services, especially when many companies profit from open source tech.


I agree with what you say, but if a person sets up a for-profit company, their goal will always be to generate profits, not to be/do good. That's why we don't see Cloudflare supporting things like pool.ntp.org.


Just wondering, do Apple or MSFT sponsor them? They also run their own respective NTP servers.


Apple and Microsoft run their own pools for their own OS clients. There is purpose and value in not having critical internet infra held and operated by for-profit companies (see: ntp pool, let's encrypt, root dns servers, etc).

What Cloudflare offers the community is cool, but the world at large should be prepared for them to evaporate at any time (or, more likely, to be acquired by someone not as benevolent).


Target accuracy for pool inclusion is not sufficient for many use cases. I've personally seen tens to 100s of ms difference between pool members. With no quality filter that's strict enough, adding more to that pool doesn't help.


[flagged]


This is bullshit and untrue.

We contribute back our changes to open source all the time via https://cloudflare.github.io/. We upstream where people will take our changes. We directly pay open source developers (take a look at all the money we paid to Mike Pall for LuaJIT) and employ/employed people working on open source projects (e.g. OpenResty).

Over years we've been contributing and explaining how we operate and open sourcing the relevant code (just look at the series of blogs by Marek Majkowski and others talking about how we fight DDoS and open sourcing the tooling).


Dunno man, they release tremendous amounts of code, and pump huge resources into audits and other things which often go unaddressed in public projects. Aside from a moment of executive weakness a few years ago, they've been very principled and extremely generous.

I'm a bit concerned that they may become unprincipled and tyrannical once they are critical infrastructure, but that's a separate matter. Google is extremely generous as well, but as of late they are also disturbingly meddlesome.


Would it even matter if they use OSS software to speak an open protocol for OSS clients?

It's not like your freedom is being restricted by their software licensing, if it was going to hurt anyone it would be CF themselves.

Stealing OSS software is kind of an oxymoron.


While I think your conclusion is a little strong, it is fair to say they're trying their hardest to legitimize by becoming entangled into almost every possible piece of infrastructure around.

As far as giant databases in the sky are concerned, in my book Cloudflare joined the same category as Google a long time ago. I don't like them because they've become another data-aggregating SPOF anyone with sense should actively avoid depending on.


Even if they don't contribute anything, I'm sure they comply with the license. The software author should've thought twice about the license they use. They will only be thieves if they don't comply with the license.

This could be either software authors mistaking non-copyleft for copyleft, or unrealistic expectations about how companies and capitalism work.


I'm a huge fan of Cloudflare in general, but sometimes I'm a bit uncomfortable with how much critical infrastructure is increasingly consolidated into a few single entities.


Couldn't agree more. They offer an amazing service for free; however, we shouldn't forget that they control millions of websites at a DNS level.

That's a lot of power, and a lot of responsibility. If there was an internal breach at CloudFlare, a sizeable chunk of the modern web would be in danger.


Same here.

Though I find it almost equally commendable how much effort they put into applying their infrastructure know-how into making IPFS, Ethereum etc. accessible lately, and with that help pave a way for a more decentralized internet again.


As we've seen, if Google, Amazon, or other big names go down or lose routing, things break fast.


So frustrated that Cloudflare didn't just add resources/support the existing NTP Pool. Hard to even pretend their motives are altruistic at this point.


Disgusting that supposed "hackers" and experts on hackernews advocate for single points of failure in the internet infrastructure.

The internet is supposed to be distributed. If the NTP pool admins go nuts, have a fight etc, I'm glad there is an alternative. You can generally specify multiple sources, this would be a new source.

And it's always the BS "they're evil" argument - when the posters contribute nothing themselves to progress.

Frustrating indeed.


Isn't the whole point of the NTP pool that there isn't a single point of failure? (Assuming of course you're using multiple servers from the pool.)


In a technical sense, yes. But privateSFacct is referring to non-technical single points of failure.

Another example would be governmental capture of some chunk of the current NTP admins or something.

An organization, by its nature, is vulnerable to some potential single point of failure. Low probability, sure, but having a competing organization ready to step in can actually help keep that probability low by keeping the focus on.


Most are still vulnerable to their domain going away, rogue admin, hacked admins, payment issues for a core service etc.


I don't get it either to be honest. If the software is free (as in freedom) then there's practically no lock-in or lock-out. NTP people could also provide roughtime watchdogs/time to get their time to more people.


Are the local time servers stratum 1, or do they have some central stratum 1 source that they then distribute out to the edge datacenters?

What's the value over just building your own stratum 1 source? (Shameless plug: https://github.com/jrockway/beaglebone-gps-clock/blob/master...)


Many folks these days are deploying in the cloud, where it's difficult to deploy your own hardware. Many would see it as too costly to maintain the hardware in a separate datacenter with a fast connection to their cloud provider.

The advantage of this is that it runs on Cloudflare's network, where your cloud provider surely has a fast connection to the nearest edge.


If you're in the cloud you should get time from the cloud provider, not from Cloudflare.


That does seem like the obvious problem with this. For example AWS apparently have GPS time sync to all their datacenters in order to provide accurate NTP time to the instances in them: https://aws.amazon.com/blogs/aws/keeping-time-with-amazon-ti... It seems like it'd be hard to beat the connection speed and all-around performance of that, especially since there's a cross-internet trip from the third party stratum 1 servers to Cloudflare as well as the one from their servers to you.


You can use multiple servers with NTP for redundancy and better accuracy. One is none pretty quickly.


It's actually not clear what you'd get. So I set it up on a server, and it shows as Stratum 3. So that means Cloudflare's service is a Stratum 2. I'd much prefer if they were a 1 and the servers would get a 2, but I guess for free that's what you get.

The advantage for this is if you are running servers in production, this is easier to set up.


Getting authentication set up with stratum 1 providers was an involved process. I don't think any fax machines were involved but we came pretty close. Also many stratum 1 servers have rules on who can use them, so finding ones can be tricky.


Oh I'm sure, but Cloudflare has the ability to be the Stratum 1 and provide the authentication if needed.


The linked blog post implies that they don't even have any of their own stratum 1 servers, they've just negotiated to get authenticated time from some other people's existing stratum 1 servers via the existing NTP symmetric crypto protocol.

Edit: dropped their address in my NTP config, and the Cloudflare server I got is a stratum 3. Don't see many of those about now, generally pool.ntp.org returns a mix of stratum 1 and 2 servers at least for the UK. Guess it's not too surprising if they're getting time from a handful of third-party stratum 1 servers and then distributing it to their edge nodes though.


I think it would be super interesting if they started offering IEEE 1588 v2 aka Precision Time Protocol, but it would be much harder to offer compared to ntp. What they're almost certainly doing here is just running a cable to the roof where they have a GPS antenna and then run it into their datacenters into a time appliance (less likely) or a GPS pci card in one of their servers (more likely) that they then send out to those who want access.


You really can't do PTP over the internet, at least not meaningfully. Anyone who needs PTP is going to have their own grandmasters, reference sources, etc - and then a distribution network.

Most telecoms applications use an ePRTC source which tends to be implemented as a GPS/GLONASS/Galileo redundant frequency source, plus a local rubidium source or cesium reference. High-end telecoms applications use a hydrogen maser.

You can't stuff that over an unmanaged network and get the performance you need. Hardware needs to support it hop-to-hop.


Yeah I agree, but ptpv2 does support unicast and you can set offsets. It would be very challenging, but not impossible sans the very high res stuff where you need oscillators on the switches and routers, as you alluded to. It wouldn't get down to the sub-10 nanosecond sync you get with a proper stratum 1 timesource (such as the rubidium decay ones), but you could get faster than the guaranteed 1 second of accuracy which is what I believe ntp used to guarantee from a protocol level.

That was my point. Also if you're inside one of Cloudflare's many POPs, this could, in theory, be provided.


PTP over Internet doesn't make much sense. PTP requires hardware support in all network devices on the path between the (grand)master and slave. Without this support it will generally perform worse than NTP. Of course, it depends also on the implementation.

PTP does support unicast messaging, but it is not meant to be used as a public service. There are two major problems: It's not stateless and it has a huge traffic amplification, which could be easily exploited for DoS attacks.


Yeah this is the most sensible reason against it. NTP is also responsible for some of the biggest traffic amplification DDoS events.


Yes, but NTP as a time service (client/server mode) is safe. A request has a single response and their lengths are symmetric (that's actually a requirement for accurate synchronization). The problem with amplification is in the optional monitoring/control modes of the protocol (modes 6 and 7 as used by the ntpq and ntpdc utilities respectively), which should be disabled on public servers. Unfortunately, there are still some old misconfigured servers causing problems for a lot of people.

In PTP the problem is in the synchronization protocol itself. A master in the unicast mode is basically a programmable packet generator. It sends sync/announce messages at a rate and duration specified by its slaves, and the address can be spoofed.
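The mode distinction in the comment above, as an added example that is not from the thread or from Cloudflare: a small parser that decodes the first NTP header byte (LI, version, mode) and classifies a packet as an ordinary fixed-length client/server exchange, a control/private (mode 6/7) packet a public server should drop, or malformed. The sample packets are constructed, not captured traffic.

```python
"""Classify NTP packets by mode so a public time server, or a sensor in front
of one, can tell harmless client/server traffic from the control (mode 6,
ntpq) and private (mode 7, ntpdc) modes behind NTP amplification abuse."""

NTP_PACKET_LEN = 48  # fixed length of a mode 3 (client) or mode 4 (server) packet

MODE_NAMES = {
    0: "reserved", 1: "symmetric active", 2: "symmetric passive",
    3: "client", 4: "server", 5: "broadcast",
    6: "control (ntpq)", 7: "private (ntpdc)",
}


def parse_ntp_header(pkt: bytes) -> dict:
    """Decode the first byte: LI (2 bits) | VN (3 bits) | mode (3 bits).
    In mode 7 the top two bits are the R (response) and M (more) flags
    rather than a leap indicator, so they are reported under those names too."""
    if not pkt:
        raise ValueError("empty packet")
    first = pkt[0]
    hdr = {
        "li": first >> 6,
        "version": (first >> 3) & 0x7,
        "mode": first & 0x7,
        "length": len(pkt),
    }
    if hdr["mode"] == 7:
        hdr["response"] = bool(first & 0x80)
        hdr["more"] = bool(first & 0x40)
    return hdr


def classify(pkt: bytes) -> str:
    """'time' for ordinary client/server packets (one 48-byte request, one
    48-byte reply, so amplification factor 1), 'amplifier' for the
    monitoring/control modes a public server should not answer, else 'malformed'."""
    hdr = parse_ntp_header(pkt)
    if hdr["mode"] in (6, 7):
        return "amplifier"
    if hdr["mode"] in (3, 4) and hdr["length"] == NTP_PACKET_LEN:
        return "time"
    return "malformed"


def client_request(version: int = 4) -> bytes:
    """Minimal 48-byte mode 3 request; every field after the first byte is zero."""
    return bytes([(version << 3) | 3]) + bytes(NTP_PACKET_LEN - 1)


# Constructed samples (only the first byte carries meaning here):
CLIENT_REQ = client_request()               # 0x23: LI 0, VN 4, mode 3
SERVER_REPLY = bytes([0x24]) + bytes(47)    # 0x24: LI 0, VN 4, mode 4, same length
NTPQ_REQ = bytes([0x16]) + bytes(11)        # 0x16: VN 2, mode 6 (control)
NTPDC_REQ = bytes([0x17]) + bytes(7)        # 0x17: VN 2, mode 7 (private)

if __name__ == "__main__":
    for name, pkt in [("client", CLIENT_REQ), ("server", SERVER_REPLY),
                      ("ntpq", NTPQ_REQ), ("ntpdc", NTPDC_REQ)]:
        hdr = parse_ntp_header(pkt)
        print(f"{name:6s} mode={hdr['mode']} ({MODE_NAMES[hdr['mode']]}) -> {classify(pkt)}")
```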


For a project I was working on I needed to synchronize clocks with extremely high precision (though accuracy was less important, and it was masterless so there was no authority) similar to PTP and I created the following simple system:

1. Server: Connect over TCP. For every byte sent, responds back with that system's time in microseconds.

2. Client: Select a few peers, one at a time: connect over TCP, send a byte and note the round-trip time, halve it to get an approximation of the timepoint that the value was sent to you at, compute delta from current system clock; repeat 20 times, discard first 5 values; exclude outliers (+/- 1 standard deviation) and average to compute the offset, then repeat for the next host, etc. until you get some change to make

It worked out and kept the required precision among the collection of nodes required for Ceph to work well.
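The client-side estimator described in the two steps above, as an added example that is not the commenter's code: each probe places the peer's timestamp at the midpoint of its round trip, the first five probes are discarded, samples more than one standard deviation from the mean are dropped, and the rest are averaged. The peer exchange is simulated with constructed delays (a hypothetical `simulate_peer`), including slow warm-up probes and one asymmetric-delay outlier, so the effect of the filtering is visible offline.

```python
import random
import statistics

WARMUP = 5          # first probes discarded (connection warm-up)
ROUNDS = 20         # probes per peer
SIGMA_CUTOFF = 1.0  # drop probes more than one std-dev from the mean


def probe_offsets(samples):
    """samples: (t_send, t_recv, remote_ts) in microseconds, with t_send and
    t_recv on the local clock. Returns per-probe offsets (remote - local),
    treating the peer's timestamp as taken at the midpoint of the round trip."""
    offsets = []
    for t_send, t_recv, remote_ts in samples:
        rtt = t_recv - t_send
        midpoint = t_send + rtt / 2   # local time at which the peer (roughly) replied
        offsets.append(remote_ts - midpoint)
    return offsets


def estimate_offset(samples, warmup=WARMUP, sigma=SIGMA_CUTOFF):
    """Offset of the peer's clock relative to ours after warm-up discard and
    one-sigma outlier rejection; falls back to all probes if the cut empties it."""
    offsets = probe_offsets(samples)[warmup:]
    if len(offsets) < 2:
        raise ValueError("not enough probes after warm-up")
    mean = statistics.fmean(offsets)
    sd = statistics.pstdev(offsets)
    kept = [o for o in offsets if abs(o - mean) <= sigma * sd] or offsets
    return statistics.fmean(kept)


def simulate_peer(true_offset_us, rounds=ROUNDS, seed=1):
    """Hypothetical stand-in for the TCP exchange: the peer's clock runs
    true_offset_us ahead of ours; forward and return delays are drawn
    separately (constructed data, not measurements). The first two probes
    are slow and probe 12 has a badly asymmetric return path."""
    rng = random.Random(seed)
    local = 1_000_000
    samples = []
    for i in range(rounds):
        fwd = rng.uniform(150, 250) + (2000 if i < 2 else 0)
        back = rng.uniform(150, 250) + (5000 if i == 12 else 0)
        t_send = local
        remote_ts = local + fwd + true_offset_us   # peer stamps on arrival of our byte
        t_recv = local + fwd + back
        samples.append((t_send, t_recv, remote_ts))
        local = t_recv + 10_000                    # pause between probes
    return samples


if __name__ == "__main__":
    est = estimate_offset(simulate_peer(123_456))
    print(f"estimated offset {est:.1f} us (true 123456 us)")
```

Per-probe error is half the forward/return delay asymmetry, so a single bad return path would skew the plain mean by hundreds of microseconds; the one-sigma cut is what removes it.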


Hmm, tried it out just now (Win10) and I'm getting a ... timeout! Go figure... (location is Brazil btw)


Hello, I'm one of the engineers that worked on it. Feel free to ask me questions.


If I remember correctly, you're running roughenough [1] for the roughtime server, right? What software are you running for NTS?

[1] https://github.com/int08h/roughenough


We wrote our own server which will be open sourced hopefully in the coming months.


Can we telnet? Trying to telnet roughtime.cloudflare.com 2002 and getting nothing...


You have to use a roughtime client. It's a UDP protocol and we don't respond to malformed packets.


down


What strategy are you guys using for leap seconds?


We follow RFC 5905 which specifies how upcoming leap seconds are handled. The Linux kernel will step the time and the timestamps in UTC will be correct. NTP handles leap seconds robustly.


I assume Cloudflare does not serve leap-smeared time? In regards to rough-time, does anyone know what the result would be when both Cloudflare and Google are used at the same time, and Google serves leap-smeared time?


Leap smear is how true time is defined in the roughtime spec.


Thanks! I guess that answers my question. So the timing of both sources should match each other.


“For many applications, accurate network time isn’t essential: it suffices to be within 10 seconds of real time”

I can’t imagine any application where the more accurate isn’t preferred. And 10 secs seems like quite a bit imho.


That's for their roughtime servers, which is a different service than the NTP servers they offer on the same page (though it could be clearer that they're distinct). The advantage of roughtime is that it's cryptographically signed and auditable, so you can be confident about using it to check things like TLS cert expirations (for which 10 seconds is plenty accurate).


"within 10 seconds of real time, but security is paramount"

You cut off the important bit. Roughtime servers sign their responses, so you can be sure you aren't getting a malicious time response (or if you do, you can penalize that server).

Per google [0]: "With only two servers, the client can end up with proof that something is wrong, but no idea what the correct time is. But with half a dozen or more independent servers, the client will end up with chain of proof of any server's misbehaviour, signed by several others, and (presumably) enough accurate replies to establish what the correct time is."

[0] https://roughtime.googlesource.com/roughtime


IIRC Roughtime is for validating TLS certificates which have lifetimes of hours to months, so 10 seconds doesn't matter.


This link on the site takes me to a 404 (not sure why, I'm presuming it's a static site?): https://developers.cloudflare.com/time-services

I think it'd be nice to have some middleware hooking into the build process that curls every link at a depth of 1 to ensure that HTTP 400/500 error codes aren't returned.


Cloudflare most problem with cname for RSS


As usual where CF is involved, no one here gets it. This is TTL information for CF, at the expense of everyone else.


https://www.cloudflare.com/resources/images/slt3lc6tev37/5SB...

Has this designer never seen an actual clock?


What's your objection?

It has 12 evenly distributed lines, which are commonly used to represent the numbers on an analog clock.

It has an hour hand, a minute hand, and a second hand.

The only thing I can see that seems even a little off is that the hour hand seems slightly past the 1 mark, whereas the minute hand being on ~54 suggests it might want to be slightly before.

It seems very clock-like to me..

What gives you such a visceral reaction to it?


My objection was the second hand extending completely beyond the outer ring of the clock.


Only looking at this because I saw this reply. I don't have a visceral reaction to it, but I do believe that the design of the clock is rather ambiguous. From my perspective, the minute hand is actually at ~24 hence the hour hand being a little past 1.

Given that it's so easy to mix up (I had to stare at it to be sure), I'm guessing the parent commenter got frustrated with it.


Good point. I always learned to read it as the longest hand being the seconds, but your way works too. Thanks!


Personally, I don't trust Cloudflare. There's just something a bit shady about a company that defends web sites which pretend to have Adobe Flash updaters or pretend to be bankofamerica.com as free speech.

That said, I don't imagine they could screw up NTP too badly, except, of course, logging and tracking users.

I hope they don't smear leap seconds like Google, or do any of a number of other dumb things simply because they're big enough to get away with it:

https://www.theregister.co.uk/2016/12/02/google_public_ntp_s...


No idea why your comment got flagged. You made a legit point here. CloudFlare is a highly overrated service that shouldn't be trusted.

Not to mention their bait-and-switch billing practice should be the only thing anyone is talking about when it comes to CloudFlare.

