Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenBSD Releases a Portable Version of OpenNTPD

Posted by timothy on from the enlightened-self-interest dept.

Noryungi (70322) writes Theo De Raadt roundly criticized NTP due to its recent security advisories, and pointed out that OpenBSD OpenNTPD was not vulnerable. However, it also had not been made portable to other OS in a long time. Brent Cook, also known for his work on the portable version of LibreSSL (OpenBSD cleanup and refactoring of OpenSSL) decided to take the matter in his own hands and released a new portable version of OpenNTPD. Everyone rejoice, compile and report issues!

3 of 79 comments (clear)

  1. Mathematics by ledow · · Score: 4, Interesting

    I'm led to believe that the reason we're using ntpd and not any of the other is that, although they are fine for getting your home machine to approximately the right second, they are damn-near useless for anything that you want real time-keeping for.

    So if you want to interact with stratum-1's or be a stratum-2, then you'll be using ntpd. And, en-masse, NTP is not something as simple as just clock-skewing. That throws lots of things out of kilter. Granted, you may think you don't care, but these things can come back to bite you if you make a hasty decision now.

    When someone like the NTP pool project (that I run a couple of serverse on) come to me and tell me that ntpd isn't secure enough, and that OpenNTP is good enough , then maybe I'll go over to them. Fact is, I haven't heard anything along those lines.

    There's a lot of maths behind getting your clocks in sync quickly without going backwards in time, or slowing to a crawl, or messing up timestamps a lot. It's not as simple as "let's just drag the users clock closer to the reference one constantly". ntpd does a LOT that other NTP servers don't, and a lot of that is important for anything that you want to rely on a timeserver for.

    Sorry, but this is just blatant "Look at us, we run an NTP project that's secure" when actually it does less than 10% of what ntpd does. And to make it do what ntpd does, presumably will take years of work to secure.

    There are various "rewrite" projects at the moment, but all known holes with ntpd are closed. Until there's a compelling reason to move, don't. And by the time there is, you'll find properly-written, full-featured NTP projects being offered.

    Nobody's talking about sub-millisecond accuracy here either. We're just talking not cocking up the one thing you plug in an NTP server to get right - the time.

  2. There are other alternatives already by loonycyborg · · Score: 4, Interesting

    Like chrony.

    I wouldn't recommend openntpd because it isn't an implementation of ntp

  3. Re:Learn Something About NTPD Before You Rant..... by Shakrai · · Score: 4, Interesting

    Good for you. My ntpd server served over 100,000 unique clients in the last hour and has been running without any issues whatsoever fully exposed to the internet since 2006. And that's a "young" server by the standards of the ntp community.

    Your welcome to use whatever software you wish but there's no reason whatever to put down the efforts of another FOSS team of volunteers other than to be a smug superior asshole.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.