D-Link Settles Danish Time Dispute
igb writes "The Register reports that DLink has settled the time server dispute described a little over a month ago here on Slashdot. They're going to stop using an NTP server they're not really authorized to chime with, and they've reached an amicable settlement over the use by existing products. The details of the settlement are, not unsurprisingly, somewhat vague, but let's hope that the good guys aren't out of pocket any more."
than to challenge a Time Lord!
It's strange these companies can't afford to set up a few of their own NTP servers instead of overloading servers that don't have the bandwidth. Is it because they are clueless or they are cheap?
And likely more. I've been telling my friends not to buy them, and I know of at least one buying decision that was made specifically for that reason that cost them $120 worth of sales of USB wireless adapters.
Need a Python, C++, Unix, Linux develop
Their hardware is crap. I've had their routers overheat and die, I've never seen a D-Link wireless setup that could be considered stable. I've owned network cards from D-Link that prevented another computer connected, by way of a crossover cable, from booting DOS. Let me repeat that: A D-Link card was sending out enough junk that it prevented a different computer from booting.
The bottom of the article says "D-Link remains committed to being a good corporate and network citizen." Screw that. They have never been either of these things they are "committed" to.
I, Anonymous Coward (the most prolific poster Slashdot has ever seen) hereby "commit myself to never purchase, recommend, or in any way interact with D-Link and their products, as much as possible, until such time as hell freezes over."
Part of the settlement involves him putting on his website "D-Link is dedicated to remaining a good corporate and network citizen."
Otherwise, considering his previous level of frustration, there's no chance he would shill for them like that.
[Fuck Beta]
o0t!
Seems to me that if you run a (public) NTP server with a publicly available IP address and/or DNS resolution, that means anyone (public) can use the (public) service - no?
No.
Do you Gentoo!?
More like you can configure your own router to talk to it, but what Dlink did wasn't a public thing. As a private corporation, they turned tens to hundreds of thousands of devices at it.
If each user had done that by themselves it would be a different game, since Joe Q. Public was doing it, but D-Link hardcoded it in.
The reason for this is to avoid problems like this, where the NTP server is overloaded or the NTP client is mis-configured and overloads the server or network.
Is silently migrate my legit users to another ntp server and then set the D-Link'ed ones to something like Klingon time or something bizarre, stretch 8 hour days to 10 hours, etc. Of course that wouldn't solve the excess traffic, but you can get creative with revenge, especially when you're in the right.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Public or not, you have to follow the rules. It is pretty well known that only 'Stratum 2' NTP servers are to use 'Stratum 1' NTP servers. This is not just a 'because we want it that way' policy. There are many good reasons for this.
http://en.wikipedia.org/wiki/NTP_vandalism
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
But if you have no problems with the DDOS aspect of this, let me know and I'll send you an e-mail attachment showing you how to be part of something bigger than your single server. ;^D
Thanks for the wiki link - very informative...I stand corrected.
There is now a way for vendors to use the NTP pool. See http://www.pool.ntp.org/vendors.html for details.
His NTP server access policy explicitly limited use of said server to the Danish Internet Exchange (DIX). In return, DIX provided him with a free internet connection for his NTP server. Because D-Link was sucking so much bandwidth, DIX told Kamp he would have to pay yearly for the connection. D-Link disregarded his server policy and abused his server. That's why it's a problem.
Also, his server is a Stratum 1, and, while not explicitly written, the D-Link devices should be getting the time via a Stratum 2 server. At least, that's how it's commonly done.
Does that help explain things better?
Slackware
What's the difference? Or are you the sort of person that doesn't see a problem?
Comments should be like skirts. Short enough to keep your attention, but long enough to cover the subject
Someone at D-Link should simply have realized the mistake and paid for a few very fast servers to sit at a hosting facility and respond to the requests -- and all the requests already using that service -- for as long as the Danes were willing to point the DNS entry for that server to them.
In the scheme of things, and from a marketing perspective, anything else is stupid and a waste of good will.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
We used a Belkin wireless router for quite some time with a cable modem - no problems. In comes Verizon with FIOS and they give us a free D-Link wireless router. My wife was constantly complaining about dropped connection. I tried relocating the D-Link all over the place to no avail. We switched back to the Belkin and BAM no problems at all. I give D-Link a grade of..."D"
What do they say that? - Sound like they go out of their way (advice about firewalls, etc) to let taxpayers "Set Your Computer Clock Via the Internet".
try { do() || do_not(); } catch (JediException err) { yoda(err); }
Do you like his hat? It's made of money!
Slashdot Burying Stories About Slashdot Media Owned
If something is "not unsurprising" doesn't that mean it was surprising? Like it was surprising that the details of the settlement were so vague?
I don't know. I'm just asking. Irregardless, I could care less...
I first saw it under Win98 back in 2000; no reason to believe anything's changed.
Even if the owner of an NTP server that had its address hard coded into any mass marketed device was cool with it, hard coding NTP server addresses into a device is a very bad practice. In some cases the effect could be the same as a DDOS that won't stop.
D-Link's use of that poor guy's "free" service that was intended to service about 2,000 organizations in Denmark was costing the guy about $1,000 US a month. I guess that it will be OK with you if next halloween that I bring busloads of kids to your house to get all of the free candy that you will be handing out. Make sure that you buy enough candy as you won't want to run out.
When people put something out that is "free", they also have the right to stop providing that something for free. If he had shut off his NTP server or changed the address; not only would his users be inconvenienced, but the users of the D-Link product could have been inconvenienced as well. I wonder what the downside is when these D-Links can't find the NTP server. I would hope that the thing would just sit there, refusing to operate until it can find the hardcoded NTP server and set its internal clock.
I realize a few years back, when bandwidth came at appreciable cost, this might have been the case, but now?
Any technology distinguishable from magic is insufficiently advanced.
Public or not, you have to follow the rules.
"Have to" in what sense? In the sense that people bitch at you if you don't, then yes. "Have to" in the sense that there is some special rule for NTP servers that allows them to define acceptable use policies without getting a legal agreement, well, that hasn't been resolved.
The BIOS shouldn't even be aware of the network - it's just a bunch of random signals on a PCI bus at this point.
The bootloader shouldn't care about the network - unless you're doing a network boot, it probably doesn't even know about networks.
The OS could get confused . . . attempting to use ARP/RARP/BOOTP/DHCP (or perhaps any of a half-dozen other services which it might expect).
I don't suppose you captured any of the bogus traffic which caused this problem (using snoop/tcpdump/whatever)? I'm not sure I understand why a network card would create traffic on its own, let alone how that bogus traffic could prevent the routine booting of a separate system.
besides, the default time server is time.windows.com. nist is the alternate choice.
What D-Link did was unprofessional and irresponsible, they should be condemned for it, and Kamp had every right to complain to them. Nevertheless, it's good that this has been resolved without legal action. If Kamp had actually prevailed in court, it might have set a dangerous precedent: Linux distributions are distributed with hundreds of preconfigured links to all sorts of sites. Generally, those sites have agreed to that, but if their ownership or their policies changed, this could cause serious trouble for the distributor.
Since he was dealing with a known user base, he could have actually put some teeth in his access policy with a one line firewall rule only allowing DIX subnets to access the box.
Taping a note to your front door that reads 'only enter if you live here' doesn't accomplish a lot if you leave the door open all the time.
I've used wireless hardware from the following manufacturers:
D-Link - DWL-650, DWL-G650, DI-624
The original 650 wasn't a stellar performer but it wasn't horrible. The G650+624 combo was pretty decent. I only returned it in favor of waiting to see where things went as far as MIMO gear.
Belkin - Can't remember, it was a b-only router
Utter crap. Couldn't last more than 2-3 days without crashing. Died permanently in just over a year.
Microsoft - MN500
In true Microsoft tradition, their software may be crap but their hardware products are actually decent. The MN500 was the most solid and consistent performing 11b kit I have used so far.
Netgear - WPN824 router + WPN511 NIC
Stellar. Utterly stellar. I love the 824. WPN511 is only retired due to the fact that my new laptop has a built-in Intel PRO/Wireless 8945 a/b/g NIC.
retrorocket.o not found, launch anyway?
Are you saying that unless you and I have an agreement explicitly forbidding me to do so, I am free to hack into your computer, ping flood you off the net and torch your mother's house?
This signature is not in the public domain.
That would hardly have done any good. Dropping the packets once they reach his network is of no use, since the damage is already done. The problem is the bandwidth consumed to reach his network.
- Stratum 1 are principal time servers for a region & directly query atomic clocks.
- Stratum 2 are general use for large regions or institutions - generally they should only be contacted by Stratum 3 servers - clients only as a last resort.
- Stratum 3 are the generic NTP servers of the internet - if you're an end client you should be talking to a Stratum 3 unless none are available/unrestricted for your use.
D-Link SOHO routers do 3 things wrong.
- They don't follow the NTP protocol for requests to stop using the service.
- They ignore the restrictions placed on the server usage - in Denmark, for use by ISP or Stratum (2/3) requests.
- They hit a Stratum 1 NTP server as an end client.
So no, if you run a public NTP server that you have dutifully entered restrictions on, you are expecting everyone who comes to you to obey the NTP protocol. That includes following the restrictions, listening to the go away requests, and following the basic rules of who to talk to.
[Analogy type=bad]
In the US there are a number of parking spaces set aside for handicapped parking in almost every parking lot. Physically you can park there if you are not handicapped, but you're not supposed to (covers both ignoring restrictions and a client talking to a Stratum 1 server). If the manager of the parking lot tells you to get your car out of the spot - you should do that (refers to the kill request in the NTP protocol). In the real world if it gets this far, the cops come & give you a ticket. On the net you get open letters calling you an arrogant prick who can't be bothered to figure out the basics of the protocols you are boasting about.
[/Analogy]
For the record the Danish server was not the only Stratum 1 server they hit, they appear to have taken the Stratum 1 list (almost all of which restrict usage to Stratum 2 servers) and shoved it into the routers for general use - hardly the "Good internet citizen" they claim to be.
Don't forget to rape and pillage his mother's house after you're done burning it down (unless it's explicitly forbidden in the agreement).
It's not offtopic, dumbass. It's orthogonal.
Poul-Henning Kamp got 200.000 DDK (Danish kroner) which is about 33.000 US$.
;-). This information is from the danish version of computerworld online at http://www.computerworld.dk/
;-)
The settlement states that Poul-Henning Kamp must not talk about the history of problems which the D-Link routers caused. But he tells Danish press that any future problems caused by D-Link equipment will be posted around the net
His homepage is http://people.freebsd.org/~phk/
For those in america: Denmark is not the capital of sweden
Taping a note to your front door that reads 'only enter if you live here' doesn't accomplish a lot if you leave the door open all the time.
Please, stop with stupid analogies. They are never helpful. You can leave your door open all the time, that doesn't give anyone the right to go in! In Vermont, that's criminal trespass, and the fine is much larger than the other forms of trespass defined in the act.
I assure you, if someone shipped 1,000,000 web appliances that used your little home web server as a home page, you'd be pissed too. Or your DNS server as their address resolver. He doesn't mind occasional use, but these guys embedded his server address into ROM and shipped boatloads of them.
NIST places no restrictions or expectations on who can access their Internet Time Service (ITS) servers (which includes time.nist.gov). NIST ITS supports NTP, Daytime Protocol and Time Protocol.
I wonder why D-Link doesn't use NIST's servers.
> If he had shut off his NTP server or changed the address; not only
> would his users be inconvenienced, but the users of the D-Link
> product could have been inconvenienced as well. I wonder what the
> downside is when these D-Links can't find the NTP server.
None. The machines would just jump to the next server on the list and hammer that one.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Damn, I had hoped that they would have been stupid enough to include only one address.
     remote           refid      st t when poll reach   delay   offset  jitter
*GPS_NMEA(0)     .GPS.            0 l   14   16  377    0.000    0.026   0.015
Stratum two talks to the Stratum 1 (so the best you can get without a dedicated clock attached). Stratum three talks to two (fine for diffusion to clients in general). But then you can talk to the three and be stratum four (fine for desktops on fast networks with loose timing requirements) and so on. And then you can set the hardware clock of a lightly used machine in a temperature controlled environment (we use an old Cisco which does little else) to be stratum 7 (or something) to provide an emergency clock reference if all else fails (ie we lose the GPS box, the MSF box and the Internet).
ian
This post is definitely insightful. Sorry to see your karma is so low your posting level is 0. It looks like it's because lots of people disagreed with you last time this same subject came up. On slashdot, the squeaky wheel gets the axe.
There are 0x40000000 types of people: those who understand 32-bit IEEE 754 floating point, and those who don't.
> I wonder why D-Link doesn't use NIST's servers.
Why the hell didn't they provide their own server?
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
IMHO they should donate their best products to him, a "powered by D-Link" small png along with the bill they paid.
So, that would be a "better ending" to a legit fight helping their amazingly bad image. I mean, DOSing a public, amateur server with your products and getting mentioned at Slashdot. Can be worse?
It is good ending btw.
... for me to abandon dlink because they're too cheap to put WDS in their wireless routers.
Uh, then why does NIST have this page with step by step instructions on how to setup clients to use nist time servers including time.nist.gov and detailed troubleshooting instructions for same?
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Are you saying that unless you and I have an agreement explicitly forbidding me to do so, I am free to hack into your computer, ping flood you off the net and torch your mother's house?
Why are you asking? Are you stupid enough to think that that's what I said?
Are you somebody who hates open source software and who wants Microsoft and others to be able to shut down open source projects on a whim?
Because that's what it comes down to if you say that Kamp should have been able to sue and win: Debian, Ubuntu, Firefox, and many other free software projects have hardcoded network services in their distributions, and if Kamp could prevail in demanding damages, so could the companies these distributions point to. See, their usage agreements even say that you promise them your firstborn if you do. Didn't notice that before? Too bad.
Or maybe you want to shut down del.icio.us, because people sharing their bookmarks publicly might also be construed as starting an attack on the bookmarked sites. See, the usage agreements for the target sites even say (somewhere) that you can't do what you just did.
So, what's your secret angle? Which open source projects do you want to destroy? Which abusive sites and usage agreements are you trying to support?
Sad as it is, we can't punish what D-Link did to Kamp without opening the doors for a lot of other people to do harm to things we want to be able to do.
You're not the only one.
It seems that quite a few people have experienced odd behaviors as a result of interactions between Linksys routers and some Macs.
http://discussions.apple.com/thread.jspa?threadID=381090&tstart=0
This thread in particular is about the Mac Book Pro, but I've heard it happens with some other computers also; no clue why or what, but the solution that most people seem to be using is "buy a new router" of a brand other than Linksys. Contributing to this is the general brain-deadedness of their tech support staff (and to be fair, Apple's as well), who just point fingers.
FWIW, I have a Netgear MR314 running at my parents house that I set up for them when they first got broadband and the thing is a champ; I think it's been running constantly for 4-1/2 years now (if I did my math right) and the only times it hasn't worked is when the power is out. Damn thing is built like a tank, too: sheet metal chassis, none of this blue plastic crap. I've yet to get a Linksys product that's anywhere near as stable, and based on this article I'm not going to run out and get a D-Link.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Then why does NIST offer its own public domain client?
Can someone point me to where Slashdot previously covered this? Also, I recall some years back that there was a router that decided to randomly re-route 12.5% of all requests to non-existent web pages to the router manufacturer's web page that said, "You're obviously lost on the Internet --don't you want to pay us money so we can surf the web for real?" Which company was that --was that Belkin?
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
Okay, sorry to reply to myself, but I found a cache of Poul-Henning Kamp's posting about D-Link. This was at http://72.14.207.104/search?q=cache:LAdoqMDzqM0J:net127.com/2006/04/07/open-letter-to-d-link-about-their-ntp-vandalism/+%22have+been+accused+of+extortion.+I+have+been+told+that+I%22&hl=en&gl=us&ct=clnk&cd=1
(I'm not sure if any of those gibberish-looking parameters change over time.)
I think the convention is to post Anonymously to prevent karma-whoring, but the last time I tried to post anonymously, it didn't work. It seems to work when I preview this post. Okay, here's the web page:
Poul-Henning Kamp, Slagelse, Denmark, writes:
When I contacted D-Link back in November 2005 about the way D-Link products abused my NTP-server, I expected to get in touch with somebody who understood what they were talking about, I expected them to admit that D-Link had made a bad decision and I expected that D-Link would make good on the damage they were responsible for.
For the last five months I have wasted a lot of time trying to reach some kind of agreement with the Californian lawyer which D-Link put on the case. I can't quite make up my mind if D-Link's lawyer negotiates in bad faith or is merely uninformed, I tend to suspect the latter, but either way, as of this morning I decided to cut my losses.
Since no one else at D-Link has reacted to my numerous emails, I have no other means of getting in touch with D-Link other than an open letter. I realize that it will be inconvenient and embarrassing for D-Link to have this matter exposed in public this way, but I seem to have no other choice.
I will now lay out the case below in such detail that any moderately knowledgeable person should be able to understand it, and hopefully somebody, somewhere in D-Link will contact me so we can get this matter resolved.
What is NTP?
NTP is Network Time Protocol, a protocol that allows computers to transfer timestamps across the internet so that they can set their clocks to the correct time.
A number of NTP servers on the internet are connected to radio timecode receivers, GPS receivers or in some cases directly to national time laboratories' primary atomic frequency standards.
How not to implement NTP in a product
A number of D-Link products, so far I have at least identified DI-604, DI-614+, DI-624, DI-754, DI-764, DI-774, DI-784, VDI604 and VDI624, contain a list of NTP servers in their firmware and using some sort of algorithm, they pick one and send packets to it.
This is about as wrong a way to do things as one can imagine. There is no way D-Link can change the list once the product is shipped, unless D-Link can persuade the customer to upgrade the firmware.
How to implement NTP in a product
The correct way, as I have pointed out to D-Link repeatedly, is to query a D-Link controlled DNS entry like "ntp.dlink.com" and populate this DNS entry with the list of NTP servers to be queried. That would allow D-Link to add or remove servers from the list by changing the DNS server files and all deployed devices would automatically see the update next time.
If D-Link had implemented the NTP feature this way, my complaint could have been handled to my full satisfaction with an emailed apology and a few minutes of D-Link's DNS administrators' time.
The problem
As you can see in the table on the right side, D-Link included the NTP server "GPS.dix.dk" in the list of NTP servers to query, and they did so without asking for permission.
I have no idea how many devices D-Link has sold, but between 75% and 90% of the packets which arrive at my server come from D-Link products via this mechanism.
Why D-Link ne
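As an added illustration (not part of the thread, the open letter, or any D-Link firmware), the sketch below combines the two behaviours discussed above: looking the server list up under a vendor-controlled DNS name at poll time, and obeying the protocol's "go away" replies, which RFC 5905 defines as stratum-0 Kiss-o'-Death packets carrying the codes DENY, RSTR or RATE. The name `ntp.vendor.example`, the helper names, the sample packets and the resolver answer are all constructed for the example.

```python
import socket
import struct

VENDOR_POOL_NAME = "ntp.vendor.example"  # hypothetical vendor-controlled name
STOP_CODES = {"DENY", "RSTR"}   # RFC 5905: stop sending to this server
MAX_POLL = 2 ** 17              # cap for the back-off, in seconds (example value)


def parse_reply(packet):
    """Decode the NTP header fields that decide how the client must behave."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than the 48-byte header")
    flags, stratum = packet[0], packet[1]
    kiss = None
    if stratum == 0:
        # Stratum 0 marks a Kiss-o'-Death packet: the reference ID field
        # (bytes 12..15) carries a four-character ASCII kiss code.
        kiss = packet[12:16].decode("ascii", errors="replace")
    return {"version": (flags >> 3) & 7, "mode": flags & 7,
            "stratum": stratum, "kiss": kiss}


def resolve_servers(resolver=socket.getaddrinfo, name=VENDOR_POOL_NAME):
    """Fetch the server list from DNS at poll time instead of compiling it in."""
    infos = resolver(name, 123, type=socket.SOCK_DGRAM)
    return sorted({info[4][0] for info in infos})


class PollState:
    """Per-device polling state: current interval and servers that said stop."""

    def __init__(self, resolver=socket.getaddrinfo, poll=64):
        self.resolver = resolver
        self.poll = poll
        self.blocked = set()

    def candidates(self):
        servers = resolve_servers(self.resolver)
        return [s for s in servers if s not in self.blocked]

    def handle_reply(self, server, packet):
        reply = parse_reply(packet)
        if reply["mode"] != 4:          # only server-mode replies count
            return "ignore"
        if reply["kiss"] in STOP_CODES:
            self.blocked.add(server)    # never query this server again
            return "stop"
        if reply["kiss"] == "RATE":
            self.poll = min(self.poll * 2, MAX_POLL)  # back off
            return "slow-down"
        if reply["stratum"] == 0:
            return "ignore"             # other kiss codes carry no usable time
        return "ok"


def make_reply(stratum, refid=b"\x00" * 4):
    """Constructed 48-byte server reply (LI=0, VN=4, mode=4) for the demo."""
    header = struct.pack("!BBbb", (4 << 3) | 4, stratum, 6, -20)
    return header + b"\x00" * 8 + refid + b"\x00" * 32


def fake_resolver(name, port, type=0):
    """Constructed DNS answer using RFC 5737 documentation addresses."""
    return [(socket.AF_INET, type, 17, "", (ip, port))
            for ip in ("192.0.2.10", "192.0.2.11")]


if __name__ == "__main__":
    state = PollState(resolver=fake_resolver)
    print(state.candidates())
    print(state.handle_reply("192.0.2.10", make_reply(0, b"RATE")), state.poll)
    print(state.handle_reply("192.0.2.10", make_reply(0, b"DENY")))
    print(state.candidates())
```

Because the list is resolved on every cycle, the operator of the DNS zone can withdraw a server without a firmware update, and a server that answers DENY or RSTR drops out of the candidate set on the device itself.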
time.nist.gov is a Stratum 1 server, it is poor internettiquette to use it for trivial (end-user) reasons.
http://ntp.isc.org/bin/view/Servers/StratumOneTimeServers
"As the load on the hosts supporting NTP primary (stratum 1) time service is heavy and always increasing, clients should avoid using the primary servers whenever possible."
Just because NIST is being nice about it doesn't mean MS has to include it as a choice.
The latest Slashdot meme.
If I am quite happy to run a stratum 1 server, accessible by any client in the world, and do so... quite simply, any net etiquette is utterly irrelevant.
The load on stratum 1 servers may very well be heavy and increasing, but if you say 'here, use my stratum 1 server', then people can and will, and you can't claim that it is poor form on their part to do so.
They would be a bad bot on the HTTP protocol technical, not adhering to robots.txt.
The NTP clients in d-link routers don't follow the NTP protocol for requests to stop using the service.
Change is certain; progress is not obligatory.
Yes - when speaking of servers. However, plenty of clients are misconfigured to connect directly to stratum 1 servers. Those aren't stratum 2 servers; they're leeches.
Dewey, what part of this looks like authorities should be involved?
Can you give an example of a project that hardcodes a network address that they don't have explicit permission to use?
Dewey, what part of this looks like authorities should be involved?