NTP Pool Project Reaches 500 Servers
flok writes "Finally after 3 years the NTP Pool project has reached 500 servers! The NTP pool project tries to be an accurate and free time-source to every internet-connected device. Everybody who's system has running an NTP daemon which can give an accurate time-indication can join the project. Not only is it handy to have accurate time on your workstation to be able to see when you need to leave the house to catch the train in time, it is also usefull to be able to accurately correlate events between your system and others in case one gets hacked."
It syncs with the atomic clock every night. Speaking of that, why is there no USB type device to allow timesync that way?
Congratulations. If you are reading a Slashdot thread about 500 time servers, you really are a nerd.
Life in Orange County
Why is 500 servers notable?
And what makes sure the trains are on time?
the layman's guide to computer science
...i never realized time was so useful! who woulda thunk it.
I live in an area with buses and a DOT that doesn't give a shit about being 12 seconds early. Oh well. I will continue to use my watch set 5 minutes fast.
However, congrats. I will continue to use your NTP servers for computer related crap well into the future.
I'm confused. They are supposed to be a reliable time source, and their home page doesn't even show the current time!
There are some nifty bits of nastiness that can be delivered when a machine is privy to having its clock changed from afar.
I hope these servers carry alt.binaries.pictures.erotica.breasts.large
Oh, sorry I read that as NNTP
For all intensive porpoises your a bunch of rediculous loosers
What is it with PCs? I've owned several over the last 15 years, and without exception the clocks simply could not keep accurate time. I've bought 5 buck watches at wal-mart that kept better time than my PCs. In some cases, they lose (or gain) several (sometimes tens of) seconds per day.
Is it those Dallas chips that can't keep time? or is it the clock frequency division that most PCs use?
other than that I don't think I'd bother. a couple of minutes here or there hardly matters.
We've run public NTP servers for the better part of a decade now, mostly for the convenience of geographically local folks like the various LUGs. When I found out about the pool, I had our servers added there. Everything was fine for a few months, then over a month we started getting phone calls from firewall admins about how our time servers were attacking their networks. Every time a machine in their network would ask our servers for the time, our servers responded with 10 packets spaced at 1 second intervals, so these improperly configured firewalls were logging a lot of packets from us.
I finally shut it down after one particular call, the third that week, where the caller was rude and abusive when I suggested that he should be doing more investigation about the traffic before calling someone else to complain about it. Being a public service, it's just not something that scales well to have to field these calls. I hated to do it, but it was just too much of a distraction.
I'm not saying that you shouldn't add your servers to the pool... I just thought it was an amusing story.
Sean
Supposedly, if you need an accurate timebase, you are supposed to just use GPS (which gives the exact time) instead of relying on a complicated clock protocol.
It is great that NTP is so widely distributed. It is typical that at the moment the old technology is finally working, there is an altogether better solution.
http://www.thebricktestament.com/the_law/when_to_
A proper NTP implementation for a computer gathers information from several clock sources. The NTP protocol also has provisions to determine whether a clock is accurate or not based on the responses from other clocks. IIRC, this is called a "false ticker" in the spec.
(S(SKK)(SKK))(S(SKK)(SKK))
What keeps someone from joining the pool and giving out the wrong time?
Nothing.
However, NTP clients use multiple servers and use some fairly advanced correlation algorithms to detect outliers and bad servers. The client configuration is your responsibility. So configure it to use a set of servers that you believe you can trust.
There are some nifty bits of nastiness that can be delivered when a machine is privy to having its clock changed from afar.
Then use the secure protocols.
All machines in the NTP pool are monitored for quality and if they are bad enough, they won't be put into the pool.
Also, it is recommended that you have at least 3, maybe up to 5, NTP servers so that you can detect a bad NTP server. (If you have one time server, you won't know that anything is wrong. If you have two, you will know something is wrong, but you won't know which NTP server is bad. If you have three or more, you can pick the best one.)
SPF support for most open source mail servers can be found at libspf2.
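The one-server, two-server and three-or-more reasoning above, as an added example that is not part of the original thread and is not ntpd's own code: a simplified Marzullo-style interval intersection over constructed samples. The function name, server labels, offsets and error bounds are all assumptions made for illustration.

```python
# Added illustration: simplified Marzullo-style interval intersection.
# Real NTP clients use a more elaborate selection and clustering process.

def select_truechimers(samples):
    """samples: {server_label: (offset_seconds, error_bound_seconds)}.

    Returns (agreeing, falsetickers, verdict).
    """
    # Each source claims the true offset lies in [offset - err, offset + err].
    edges = []
    for name, (offset, err) in samples.items():
        edges.append((offset - err, 0, name))  # 0 = interval opens
        edges.append((offset + err, 1, name))  # 1 = interval closes
    edges.sort()  # at equal points, opens sort before closes

    # Sweep left to right, remembering the largest set of overlapping claims.
    open_now, best = set(), set()
    for _, kind, name in edges:
        if kind == 0:
            open_now.add(name)
            if len(open_now) > len(best):
                best = set(open_now)
        else:
            open_now.discard(name)

    n = len(samples)
    if n == 1:
        return [], [], "unverifiable"   # nothing to compare against
    if len(best) * 2 <= n:
        return [], [], "disagreement"   # no strict majority: who is wrong?
    return sorted(best), sorted(set(samples) - best), "ok"


# Constructed sample data: server-b is 7.5 seconds off.
ONE = {"server-a": (0.004, 0.010)}
TWO = dict(ONE, **{"server-b": (7.5, 0.010)})
THREE = dict(TWO, **{"server-c": (-0.002, 0.012)})

if __name__ == "__main__":
    for label, data in (("1 server", ONE), ("2 servers", TWO), ("3 servers", THREE)):
        print(label, select_truechimers(data))
```
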
Does anybody really know what time it is
I don't
Does anybody really care
care
If so I can't imagine why
about time
We've all got time enough to die
Oh no, no
The obscure we see eventually. The completely obvious, it seems, takes longer. - Edward R. Murrow
When you are sure of something, you probably are wrong (search for "Unskilled and Unaware of It").
Debian's default NTP configuration is to get time from pool.ntp.org. This is a significant contribution to the Linux world, similar to how Microsoft and Apple provide NTP service to their customers. Yay for us!
There is modest protection against bad servers in the pool. The time from pool servers is monitored and if a server seems insane it's taken out of the rotation.
My pool server gets about 14 requests a second from about 100,000 different IP addresses a day. Sadly, a lot of those requests are junk; 100 IP addresses account for 1/3 of all the requests I get. Fortunately NTP is a very lightweight protocol, so you can mostly ignore the spammy clients.
Back when I was a university system programmer, I had an officemate named Tim. One day, Tim was poking around and discovered that hundreds of computers all across campus were synchronizing their clocks to his desktop workstation. He quickly figured out why.
The naming standard for desktop machines was to take the employee's first name and concatenate it with the first letter of their last name. So my desktop machine was named "johns.cc.uic.edu". Tim's machine was named "time.cc.uic.edu" because his last name began with "E". (cc meaning a "computer center" machine.)
Apparently many many university departments and users poked around and discovered what was obviously an official time server and configured their computers to synchronize to Tim's desktop machine. Tim, of course, had set his computer's clock by the office clock and never given it a second thought.
I think you mean 1000000000 NTP servers, right?
"Everybody who's system" Ouch. Double whammy!
It would also be nice if ISPs would set up their own pools (and advertise them) so clients wouldn't have to go off network, and then if end-users would set up their own pool for their networks. Not every machine that needs accurate time has to be at stratum-2 or stratum-3, especially workstations. The NTP Pool website makes it look like it is a good idea if every machine on a network syncs to the NTP Pool, instead of setting up internal servers, which is how NTP is really designed to work.
(S(SKK)(SKK))(S(SKK)(SKK))
accurately correlate events between your system and others in case one gets hacked."..... Of course, syncing database transactions is of no concern..
.sig
1.) A proper NTP implementation will only normally change the skew of your clock, so it speeds up or slows down, but does not jump around.
2.) A proper NTP implementation will assume that a clock with a large variance compared to other sources is unreliable, and so it will try not to use it. Of course this assumes you have more than one time source available (and configured).
For years, I've kept my own NTP server. It has references to like a dozen other NTP servers, and then all my other servers reference my own NTP server. I'm not as interested in having time 100% spot perfect, as in having all the servers together, so that cross-examining log files is possible. (BTW, setting up an NTP server takes all of about 10 minutes, with basically zero administration, other than making sure that NTPd is running)
I don't do any address restriction on the NTP server. Anybody doing a UDP sweep could find this time server easily. Is this a "Public" NTP server?
Now, at the moment, this particular time server sits on a DSL line, (NTP is pretty lightweight) so I don't go publishing it, but what constitutes a "public" NTP server - the DNS name, or its inclusion on a particular published list?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
"It would also be nice if ISPs would set up their own pools (and advertise them) so clients wouldn't have to go off network"
i cal/architecture/dhcp.asp
Agreed. Most do, but as you mention, don't advertise them. I am not sure how many people would actually know what to do with them if they were advertised though.
It would be quite slick if they advertised them via DHCP, and clients used that info to auto-configure their ntp client. All quite possible and very easy to do by the ISP. NTP servers can be advertised via dhcp.
http://gentoo-wiki.com/HOWTO_NTP
http://www.greyware.com/software/domaintime/techn
The only athletic sport I ever mastered was backgammon - Douglas William Jerrold
I noticed that Fedora (at least early releases) sets the default ntp server to a .redhat.com server, and I believe Ubuntu sets the default to an ubuntu project server.
Does anyone know if these distros use traffic to their servers to track installed base? Or are they just being extra friendly?
Some people went as far as to write scripts that would add bad clients to the server's firewall rules. However, given that every other service I run has some mechanism or another to limit abuse, I didn't want to enable such a system for just this one relatively minor daemon.
ISC: please give ntpd a working way to automatically ignore broken clients! I'm more than happy to offer my little machine to provide a worthy public service, but watching my server grind down as it answers 600 packets per second - 99% (literally) from the same small pool of machines - was enough to make me withdraw.
By the way, I quit by simply removing my server from the DNS pool. Machines still synced to my server are welcome to remain there as long as they follow reasonable etiquette, but I won't be advertising for new clients in the near future.
Dewey, what part of this looks like authorities should be involved?
For what it's worth, it's not immediately obvious how to do this. If you were to add multiple servers entries in ntpd.conf, all with pool.ntp.org, then DNS would just cache the first call and you'd point to the same machine all the time. The way to do this is as follows:
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
Now you'll get a different server and life will be good. You can also use country specific NTP servers like 0.us.pool.ntp.org. Sorry if this is obvious to most people, but it wasn't to me. We've been reluctant to rely on the pool in case of a bad machine that will cause all our timed jobs to fail, and this fixes the problem. There's a good wiki at http://gentoo-wiki.com/HOWTO_NTP.
If you don't want crime to pay, let the government run it.
"who's"
"usefull"
What's up with you guys? I'm not even a native speaker. You were just a "should of" and an "it's" short of a crap submission.
Great initiative. But I have seen better performance of NTP servers...
Trying netdate nl.pool.ntp.org failed with a connection refused. So I decided to try some nl.pool.ntp.org servers one-by-one. Of the 8 servers I tried, 1 gave a connection refused error, 6 didn't reply at all. Only one gave the correct time.
Then I decided to try some more European servers: Of the 90 servers tested, only 7 gave a valid reply.
Now one could say that the servers have just been slashdotted. But NTP isn't really a protocol that uses a lot of bandwidth, cpu or any other resources, is it? I can imagine a few HTTP (which uses major bandwidth) servers being slashdotted... but 500 NTP servers???
I'll try again in a few days. But it looks like I'll stick with my current favorite ntp server.
.sig: No such file or directory
And this is exactly why the default OpenBSD settings connect to 8 different ntp pool servers:
That was my point exactly: NTP is most useful within a site, on a LAN. But a radio system, be it Navstar or Galileo GPS signals, or WWVB, or CDMA, is a better way to bring the timebase into the site itself. A WAN link isn't deterministic enough. (I'll admit to knowing nothing about QoS. Could it help?)
;) In practice, they do have GPS-disciplined clocks, but they're not critical to the operation of the network.
GSM and other systems that use TDMA as a radio access method can tolerate more timing trouble than CDMA. As far as I know, a TDMA site doesn't need a good master clock, since timing slips between sites are unimportant. So, the signal from a GSM site isn't necessarily any more accurate than the limits of the radio band allocation.
CDMA, however, falls apart in some very ugly ways if the sites lose sync. So they go to great pains to ensure ultra-stable and reliable timing at each site. Installers program the GPS receiver to compensate for the timing skew in the antenna cable, for instance. (Ever wanted to know the velocity factor for a dozen different types of coax?) The handsets have to play the sync game too, so it's fairly easy to use an existing chipset to pluck microsecond-accurate timing out of the air.
According to the project web page you can expect 10-20Kbit/sec of traffic, which works out to 6 gigabytes per month of traffic. It doesn't say which direction but I suspect NTP would be pretty symmetrical so this would triple the inbound volume to my co-lo.
That's a lot of volume for me, so I don't see how I could contribute a server.
It's a shame that they can't include a dynamic DNS hack into the system. My home system has heaps of volume at a fixed price, but it is on a dynamic IP.
http://michaelsmith.id.au
NTP clients typically are set up to look at multiple servers. The clients sync to the server that currently seems to have the "best" information. Clearly the one server that is feeding the wrong time will be seen as "different" and ignored.
Clients switch servers in real time. They continuously compute which server is the "best". Well, that's an oversimplification but close enough.
I run it once every couple of days. Works for me. YMMV.
NTP from a public server is way overkill for most uses. Everyone talks about how easy it is to use - until things start going wrong. There are just too many moving parts that can break.
Wi nøt trei a høliday in Sweden this yer?
See the løveli lakes
The wonderful telephøne system
And mani interesting furry animals
This NTP 'project' sneaks into my router, a linksys router, any time it likes and does its 'work' about which it keeps me in the dark. It says it just offers 'time', but none of the network peripherals that it automatically goes into tell you what port it uses! These same routers do not allow the users that paid for them to set the time on them. I think those users are getting not only screwed but hacked as well. Who knows what packets come riding in along with the 'time'. Maybe it is TIME WE FOUND OUT!!!
So next time some blithering lightweight blathers about boredom or insults its readers with silly personal insults, look beyond the obvious and smell the coffee that he/she missed.
GPS time is off by 14 seconds.
w00t