NTP Pool Project Reaches 500 Servers
flok writes "Finally after 3 years the NTP Pool project has reached 500 servers! The NTP pool project tries to be an accurate and free time-source to every internet-connected device. Everybody who's system has running an NTP daemon which can give an accurate time-indication can join the project. Not only is it handy to have accurate time on your workstation to be able to see when you need to leave the house to catch the train in time, it is also usefull to be able to accurately correlate events between your system and others in case one gets hacked."
Congratulations. If you are reading a Slashdot thread about 500 time servers, you really are a nerd.
Life in Orange County
Why is 500 servers notable?
And what makes sure the trains are on time?
the layman's guide to computer science
...i never realized time was so useful! who woulda thunk it.
I live in an area with buses and a DOT that doesn't give a shit about being 12 seconds early. Oh well. I will continue to use my watch set 5 minutes fast.
However, congrats. I will continue to use your NTP servers for computer related crap well into the future.
I'm confused. They are supposed to be a reliable time source, and their home page doesn't even show the current time!
There are some nifty bits of nastiness that can be delivered when a machine is privy to having its clock changed from afar.
I hope these servers carry alt.binaries.pictures.erotica.breasts.large
Oh, sorry I read that as NNTP
For all intensive porpoises your a bunch of rediculous loosers
What is it with PCs? I've owned several over the last 15 years, and without exception
the clocks simply could not keep accurate time. I've bought 5 buck watches at wal-mart that
kept better time than my PCs. In some cases, they lose (or gain) several (sometimes tens of)
seconds per day.
Is it those Dallas chips that can't keep time? or is it the clock frequency division that
most PCs use?
other than that I don't think I'd bother. a couple of minutes here or there hardly matters.
We've run public NTP servers for the better part of a decade now, mostly for the convenience of geographically local folks like the various LUGs. When I found out about the pool, I had our servers added there. Everything was fine for a few months, then over a month we started getting phone calls from firewall admins about how our time servers were attacking their networks. Every time a machine in their network would ask our servers for the time, our servers responded with 10 packets spaced at 1 second intervals, so these improperly configured firewalls were logging a lot of packets from us.
I finally shut it down after one particular call, the third that week, where the caller was rude and abusive when I suggested that he should be doing more investigation about the traffic before calling someone else to complain about it. Being a public service, it's just not something that scales well to have to field these calls. I hated to do it, but it was just too much of a distraction.
I'm not saying that you shouldn't add your servers to the pool... I just thought it was an amusing story.
Sean
Supposedly, if you need an accurate timebase, you are supposed to just use GPS (which gives the exact time) instead of relying on a complicated clock protocol.
It is great that NTP is so widely distributed. It is typical that at the moment the old technology is finally working, there is an altogether better solution.
http://www.thebricktestament.com/the_law/when_to_
Because you have the internet...
A proper NTP implementation for a computer gathers information from several clock sources. The NTP protocol also has provisions to determine whether a clock is accurate or not based on the responses from other clocks. IIRC, this is called a "false ticker" in the spec.
(S(SKK)(SKK))(S(SKK)(SKK))
What keeps someone from joining the pool and giving out the wrong time?
Nothing.
However, NTP clients use multiple servers and use some fairly advanced correlation algorithms to detect outliers and bad servers. The client configuration is your responsibility. So configure it to use a set of servers that you believe you can trust.
There are some nifty bits of nastiness that can be delivered when a machine is privy to having its clock changed from afar.
Then use the secure protocols.
All machines in the NTP pool are monitored for quality and if they are bad enough, they won't be put into the pool.
Also, it is recommended that you have at least 3, maybe up to 5, NTP servers so that you can detect a bad NTP server. (If you have one time server, you won't know that anything is wrong. If you have two, you will know something is wrong, but you won't know which NTP server is bad. If you have three or more, you can pick the best one.)
SPF support for most open source mail servers can be found at libspf2.
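The one/two/three-server reasoning in the comments above, as an added example (not code from the thread or from ntpd): a simplified interval-intersection check in the spirit of NTP's server selection. The function name, server names, offsets and error bounds are constructed for illustration.

```python
def select_truechimers(samples):
    """samples: {server: (offset_seconds, error_bound_seconds)}.

    Each server claims the true offset lies in [offset - err, offset + err].
    Returns (truechimers, falsetickers) when a strict majority of those
    intervals overlap, or None when no majority exists and the client
    cannot tell which server is wrong.
    """
    edges = []
    for name, (offset, err) in samples.items():
        edges.append((offset - err, 0, name))  # interval opens
        edges.append((offset + err, 1, name))  # interval closes
    # At equal positions an open (0) sorts before a close (1),
    # so intervals that merely touch still count as overlapping.
    edges.sort()

    active, best = set(), set()
    for _, kind, name in edges:
        if kind == 0:
            active.add(name)
            if len(active) > len(best):
                best = set(active)  # largest mutually overlapping group so far
        else:
            active.discard(name)

    if 2 * len(best) <= len(samples):
        return None  # no strict majority agrees
    return best, set(samples) - best


# Constructed sample data: server "b" is two minutes off.
ONE = {"b": (120.0, 0.05)}
TWO = {"a": (0.002, 0.05), "b": (120.0, 0.05)}
THREE = {"a": (0.002, 0.05), "b": (120.0, 0.05), "c": (-0.010, 0.05)}

if __name__ == "__main__":
    for label, data in (("one", ONE), ("two", TWO), ("three", THREE)):
        print(label, select_truechimers(data))
```

With a single source the bad clock is accepted because nothing contradicts it; with two the disagreement is visible but unresolvable; with three the outlier is rejected.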
Does anybody really know what time it is
I don't
Does anybody really care
care
If so I can't imagine why
about time
We've all got time enough to die
Oh no, no
The obscure we see eventually. The completely obvious, it seems, takes longer. - Edward R. Murrow
There are devices that attach to a PC which sync the clock via radio - haven't seen one for USB yet, but I'm sure they exist. They're not very cheap, though, while internet syncing is free and easily accurate enough for most applications.
Switch back to Slashdot's D1 system.
When you are sure of something, you probably are wrong (search for "Unskilled and Unaware of It").
Debian's default NTP configuration is to get time from pool.ntp.org. This is a significant contribution to the Linux world, similar to how Microsoft and Apple provide NTP service to their customers. Yay for us!
There is modest protection against bad servers in the pool. The time from pool servers is monitored and if a server seems insane it's taken out of the rotation.
My pool server gets about 14 requests a second from about 100,000 different IP addresses a day. Sadly, a lot of those requests are junk; 100 IP addresses account for 1/3 of all the requests I get. Fortunately NTP is a very lightweight protocol, so you can mostly ignore the spammy clients.
A USB gps device can be easily used to timesync that way. Older modems could be put into a mode to decode the time from a dialup server. I suspect that a few HAM groups have a circuit that will decode the time too. However anyone who has cared about time accuracy has had access to NTP for two decades, and access to GPS receivers for almost as long. The radio broadcast time is less accurate than NTP unless you are right next to the transmitter. The radio waves skip across the atmosphere causing unpredictable jitter. GPS is of course the most accurate short of having your own atomic clock.
Back when I was a university system programmer, I had an officemate named Tim. One day, Tim was poking around and discovered that hundreds of computers all across campus were synchronizing their clocks to his desktop workstation. He quickly figured out why.
The naming standard for desktop machines was to take the employee's first name and concatenate it with the first letter of their last name. So my desktop machine was named "johns.cc.uic.edu". Tim's machine was named "time.cc.uic.edu" because his last name began with "E". (cc meaning a "computer center" machine.)
Apparently many many university departments and users poked around and discovered what was obviously an official time server and configured their computers to synchronize to Tim's desktop machine. Tim, of course, had set his computer's clock by the office clock and never given it a second thought.
I think you mean 1000000000 NTP servers, right?
"Everybody who's system" Ouch. Double whammy!
It would also be nice if ISPs would set up their own pools (and advertise them) so clients wouldn't have to go off network, and then if end-users would set up their own pool for their networks. Not every machine that needs accurate time has to be at stratum-2 or stratum-3, especially workstations. The NTP Pool website makes it look like it is a good idea if every machine on a network syncs to the NTP Pool, instead of setting up internal servers, which is how NTP is really designed to work.
(S(SKK)(SKK))(S(SKK)(SKK))
accurately correlate events between your system and others in case one gets hacked."..... Of course, syncing database transactions is of no concern..
.sig
1.) A proper NTP implementation will only normally change the skew of your clock, so it speeds up or slows down, but does not jump around.
2.) A proper NTP implementation will assume that a clock with a large variance compared to other sources is unreliable, and so it will try not to use it. Of course this assumes you have more than one time source available (and configured).
For years, I've kept my own NTP server. It has references to like a dozen other NTP servers, and then all my other servers reference my own NTP server. I'm not as interested in having time 100% spot perfect, as in having all the servers together, so that cross-examining log files is possible. (BTW, setting up an NTP server takes all of about 10 minutes, with basically zero administration, other than making sure that NTPd is running)
I don't do any address restriction on the NTP server. Anybody doing a UDP sweep could find this time server easily. Is this a "Public" NTP server?
Now, at the moment, this particular time server sits on a DSL line, (NTP is pretty lightweight) so I don't go publishing it, but what constitutes a "public" NTP server - the DNS name, or its inclusion on a particular published list?
I have no problem with your religion until you decide it's reason to deprive others of the truth.
Researched this for work not too long ago. You can use a consumer-grade GPS receiver to get within 1 second accuracy, but there's a lot of jitter. More expensive PPS (Pulse-Per-Second) GPS receivers are extremely accurate but cost about $1,000. This is assuming you have a clear view of a large swath of sky. You can interface these with (GPL) NTPd with an RS232 serial cable or you can buy a $3,000 total hardware solution in a 19" 1U rackmount server.
There are also radio receivers that listen to WWV (same as the "atomic" clocks you buy at Wal-Mart). Again, you can buy a $3,000 total hardware solution, or you can use any handy shortwave receiver and patch the headphone jack into your sound card Line-in port and let NTPd do the same thing.
The third solution is to use a special modem that connects to a cellular network (Verizon was the one we looked at), I think that solution ran about $1,000.
This is all going by memory so I might be off on some of the prices.
DRM 'manages access' in the same way that a prison 'manages freedom'
"It would also be nice if ISPs would set up their own pools (and advertise them) so clients wouldn't have to go off network"
i cal/architecture/dhcp.asp
Agreed. Most do, but as you mention, don't advertise them. I am not sure how many people would actually know what to do with them if they were advertised though.
It would be quite slick if they advertised them via DHCP, and clients used that info to auto-configure their ntp client. All quite possible and very easy to do by the ISP. NTP servers can be advertised via dhcp.
http://gentoo-wiki.com/HOWTO_NTP
http://www.greyware.com/software/domaintime/techn
The only athletic sport I ever mastered was backgammon - Douglas William Jerrold
I noticed that Fedora (at least early releases) sets the default ntp server to a .redhat.com server, and I believe Ubuntu sets the default to an ubuntu project server.
Does anyone know if these distros use traffic to their servers to track installed base? Or are they just being extra friendly?
Some people went as far as to write scripts that would add bad clients to the server's firewall rules. However, given that every other service I run has some mechanism or another to limit abuse, I didn't want to enable such a system for just this one relatively minor daemon.
ISC: please give ntpd a working way to automatically ignore broken clients! I'm more than happy to offer my little machine to provide a worthy public service, but watching my server grind down as it answers 600 packets per second - 99% (literally) from the same small pool of machines - was enough to make me withdraw.
By the way, I quit by simply removing my server from the DNS pool. Machines still synced to my server are welcome to remain there as long as they follow reasonable etiquette, but I won't be advertising for new clients in the near future.
Dewey, what part of this looks like authorities should be involved?
For what it's worth, it's not immediately obvious how to do this. If you were to add multiple server entries in ntpd.conf, all with pool.ntp.org, then DNS would just cache the first call and you'd point to the same machine all the time. The way to do this is as follows:
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
Now you'll get a different server and life will be good. You can also use country specific NTP servers like 0.us.pool.ntp.org. Sorry if this is obvious to most people, but it wasn't to me. We've been reluctant to rely on the pool in case of a bad machine that will cause all our timed jobs to fail, and this fixes the problem. There's a good wiki at http://gentoo-wiki.com/HOWTO_NTP.
If you don't want crime to pay, let the government run it.
"who's"
"usefull"
What's up with you guys? I'm not even a native speaker. You were just a "should of" and an "it's" short of a crap submission.
Great initiative. But I have seen better performance of NTP servers...
Trying netdate nl.pool.ntp.org failed with a connection refused. So I decided to try some nl.pool.ntp.org servers one-by-one. Of the 8 servers I tried, 1 gave a connection refused error, 6 didn't reply at all. Only one gave the correct time.
Then I decided to try some more european servers: Of the 90 servers tested, only 7 gave a valid reply.
Now one could say that the servers have just been slashdotted. But NTP isn't really a protocol that uses a lot of bandwidth, cpu or any other resources, is it? I can imagine a few HTTP (which uses major bandwidth) servers being slashdotted... but 500 NTP servers???
I'll try again in a few days. But it looks like I'll stick with my current favorite ntp server.
.sig: No such file or directory
And this is exactly why the default OpenBSD settings connect to 8 different ntp pool servers:
That was my point exactly: NTP is most useful within a site, on a LAN. But a radio system, be it Navstar or Galileo GPS signals, or WWVB, or CDMA, is a better way to bring the timebase into the site itself. A WAN link isn't deterministic enough. (I'll admit to knowing nothing about QoS. Could it help?)
;) In practice, they do have GPS-disciplined clocks, but they're not critical to the operation of the network.
GSM and other systems that use TDMA as a radio access method can tolerate more timing trouble than CDMA. As far as I know, a TDMA site doesn't need a good master clock, since timing slips between sites are unimportant. So, the signal from a GSM site isn't necessarily any more accurate than the limits of the radio band allocation.
CDMA, however, falls apart in some very ugly ways if the sites lose sync. So they go to great pains to ensure ultra-stable and reliable timing at each site. Installers program the GPS receiver to compensate for the timing skew in the antenna cable, for instance. (Ever wanted to know the velocity factor for a dozen different types of coax?) The handsets have to play the sync game too, so it's fairly easy to use an existing chipset to pluck microsecond-accurate timing out of the air.
According to the project web page you can expect 10-20Kbit/sec of traffic, which works out to 6 gigabytes per month of traffic. It doesn't say which direction but I suspect NTP would be pretty symmetrical so this would triple the inbound volume to my co-lo.
That's a lot of volume for me, so I don't see how I could contribute a server.
It's a shame that they can't include a dynamic DNS hack into the system. My home system has heaps of volume at a fixed price, but it is on a dynamic IP.
http://michaelsmith.id.au
I run it once every couple of days. Works for me. YMMV.
NTP from a public server is way overkill for most uses. Everyone talks about how easy it is to use - until things start going wrong. There are just too many moving parts that can break.
w00t