Good for you. My ntpd server served over 100,000 unique clients in the last hour and has been running without any issues whatsoever fully exposed to the internet since 2006. And that's a "young" server by the standards of the ntp community.
Your welcome to use whatever software you wish but there's no reason whatever to put down the efforts of another FOSS team of volunteers other than to be a smug superior asshole.
Thank you for your work on behalf of NTP and the ntpd team.:)
I have a long standing interest (obsession) in time, going back to my childhood days where I would synchronize all of the clocks in the house. ntpd is easily one of my favorite pieces of software and I've kept at least one server in the NTP Pool since 2006. I sold the first server to my boss as a means to monitor the stability of our connection while giving something back to the internet community, then got a static IP on my home connection so I could run one there, then deployed a few servers to other locations as time and money allowed. Right now I'm down to one, my personal server, but it's on a 50mbit/s connection and serves around 500-600k requests per hour.
Out of all of the software that I run that's internet facing ntpd is the daemon that I worry about the least. It has a solid security track record and anyone who bothered to read the Wikipedia article about it (never mind research the history of the software the old fashioned way) would know this....
imo, when you go for that last nanosecond of accuracy as the highest priority
That's kind of the whole point of a timeserver. If you're just running a typical client that doesn't need precision there are a multitude of SNTP implementations that you can use, including the one built into Windows. If you're running something that demands precision or wish to share your time with others (random plug: NTP Pool) you're going to need a little bit more accuracy than that.
and lower the priority of writing secure software to the point where it is no longer a priority, then you have ntp.
ntpd has been around since the 80s. Contrast it against other system daemons that have been around that long (sendmail) and you'll see that it has a solid security record. The recent "exploits" only impacted a small subset of servers that were using the cryptographic functionality of ntpd, which is primarily used for remote management and peering relationships and was a non-issue for the lion's share of configurations. Configurations to work around the issues were released immediately and a patch to solve them entirely was available within days. What more do you want? This was all discussed on the NTP Pool mailing lists and the consensus was "meh." I'm not aware of any NTP server that has been compromised because of these exploits.
The biggest issue that's hit ntpd in the last year was the ease with which you could use the 'monlist' command for amplification attacks. This too was easily solved with a configuration change and in any event did not compromise the integrity of the servers running ntpd. It's symbolic of a larger problem that has hit other protocols (DNS) and which will never go entirely away until network operators get off their lazy asses and implement the recommendations of BCP38.
The easiest way to visualize Microsoft's business strategy is to envision an ant trapped in a maze. The ant hits a wall, waves her antennae around a bit, picks a totally random direction and tries again. Rinse and repeat until the ant finds her way out of the maze or starves to death.
You don't NEED it but I think it's GOOD PRACTICE to have it. Do you trust Windows enough to be sure that no one can access your file shares if they're on the same LAN segment? Do you trust your closed-source TiVo enough to know that the folks at TiVo (or a black hat) can't remote into it and explore your network if they're so inclined? I don't. Why does my TiVo need to be in the same broadcast domain as the file server that contains my complete financial history and e-mail archives going back to 1991?
I have three VLANs. One for completely trusted devices, one for untrusted devices (the Android phone sits on this one, incidentally) that need internet access, and a third one for friends/guests that wish to use my Wi-Fi. They do not talk to each other. There's no reason for them to.
About the same time the ridiculous mandate was placed on the USPS to forward fund all their employees' benefits for the next 50 years
Why is that a 'ridiculous mandate'? Do you feel like bailing out those generous pension promises in a few decades when the USPS can't pay the bill? Like we've done with so many private sector corporations that have failed to meet their pension and healthcare obligations?
The mandate is very painful for USPS but it's a comparatively short term pain that should solve a long term problem. Frankly I wish we could do a similar thing with the ticking time bomb in certain States, though at the end of the day it's entirely up to them, since Uncle Sam has precious little power to compel change at the State level.
That's what VLANs are for. It's easy enough to segment your home network into trusted and untrusted devices if the 'untrusted' ones derive usefulness from being internet connected. One can provide them with access to the internet without having access to all of your personal data.
BTW, here's a quote that sums it up rather succinctly, emphasis mine:
“In Europe right now there’s a tremendous amount of anti-immigration sentiment,” Daniel Benjamin, a former U.S. counter-terrorism official now with the Brookings Institution in Washington, said on Bloomberg Television. “The danger here is that we see ever greater confrontations, provocations and the like, and that will drive radicalization. That is a very difficult thing for the authorities to manage.”
I implied nothing of the sort but feel free to keep reading things that aren't there. Bonus points for the equation to rape victim blaming. Did you borrow that one from the Democrats? Interesting choice given your signature line.
I highly doubt any one of the victims of this heinous crime are responsible (directly or indirectly) for French economic and immigration policy. Does that satisfy you? I'm guessing it won't.
France has marginalized 7+% of her population. This breeds resentment and makes it that much easier for people to make irrational decisions. Blinding yourself to this reality helps no one. I am not excusing the behavior. Nor am I really attempting to explain it.
There is no explanation or justification for this but the sad truth of the matter is that such incidents are going to continue. What do you suggest doing about it? Walling off a large portion of your population into de-facto ghettos is not a winning strategy in the long term. The only way to defeat an ideology is to demonstrate that your own is superior; treating 7% of your people as second class citizens does not seem like an effective way to do that, from my perspective, but what do I know?
Europe needs to figure out how to welcome and assimilate immigrants, as the United States and Canada do, or just man up and close the borders. Either outcome would be preferable to the status quo. The current situation benefits no one.
And you think a spinning hard drive with platters and heads would be a better choice for a spacecraft that has to endure several G forces worth of acceleration at each end of the trip? Or perhaps it's a better choice to use magnetic media than solid state in high radiation environments like interplanetary space?
Attacking, with extreme precision, those who committed or are responsible for the attacks, is completely justified. I was speaking against larger-scale retaliation against muslims as a whole, which a surprising number of people seem to feel justified.
I haven't seen anybody outside of a few chickenshit ACs actually suggest such a policy. Certainly no mainstream policy-maker has come forth and suggested doing so. Even the so-called "hard right" in Europe and North America doesn't advocate going that far.
Voila! It is France's own fault and they deserve what violence they get over it.
I said nothing of the sort. But it's rather hard to dispute the fact that they treat their immigrant community like shit and that in so doing they've made it that much easier for their youth to become radicalized. When you marginalize an entire population you can expect them to become a tad bit resentful about it. Does that justify this behavior? Of course not.
All that just makes it easier to convince impressionable youngsters to take up arms or stupidly blow themselves up in crowded places.
Youngsters don't take up arms and blow themselves up because they're impressionable. They do so because they don't perceive that they have any better options. Take a hard look at the youth unemployment rate in France and the manner in which the immigrant Muslim community is treated. When you ostracize 7% (5M / 66M) of your population such outcomes are wholly predictable.
The solution to terrorist recruitment in the West is to actually give these disaffected groups some buy-in to society. The solution in the Middle East is to build those countries up to First World standards of living. That won't get rid of the die hard true believers but it sure will cut down on their recruitment campaign.
If it was a truly regulated public utility it might work. Right now the system we have is the worst of both worlds. Take a look at what happened to wireline voice services. POTS is and always has been a tightly regulated product, with requirements for reliability, up-time, and a mandate to serve everyone regardless of how rural or unprofitable it might be to reach them. The result was affordable wireline voice service that's available virtually everywhere in CONUS. Service that is now being killed off by two factors:
1) The emergence of wireless.
2) The emergence of wireline competitors (the cable co) that don't have to meet any of the aforementioned "must serve" or reliability metrics.
Item #2 is the one that gets my goat. The cable companies market their voice product as "phone" service when it's really anything but. It doesn't meet the five nines of reliability that POTS has; they can't even keep it working during power outages. It's not available everywhere. They get to cherry pick profitable markets and swipe the very customers that the ILEC most needs to maintain their infrastructure, all the while delivering a considerably inferior service that leaves many consumers high and dry at the very time they most need reliable communications. Is it any wonder that Verizon and AT&T want out of the landline business so badly? Would you remain in a business with huge legacy costs and regulations that's forced to compete with outfits that have neither?
If you're serious about the "regulated utility" option then what you're really talking about is bringing back Ma Bell. That's the only way it's going to work. You can't have a marketplace where you have one or two regulated utilities that have to operate under onerous rules while more nimble competitors are allowed to swoop in without having to meet any of those same regulations. Google Fiber is a product that makes people around here salivate but they're cherry picking profitable markets one by one and leaving everybody else high and dry. Would you trade the ability to see exciting new upstarts like Google Fiber for a system where we have a regulated Ma Bell that's promised a small but steady profit and no competition?
Does it also come with UI regressions, like the change around 3-4 that turned putting the clock into night mode from a one-tap operation into a 4 tap sequence?
My favorite Android "upgrade" was the removal of the ability to set separate notification and ring volumes. Now they're linked together and there's no easy way to mute notifications at night while keeping the ringer on. There are third party apps of various quality that will do this but I've never been wholly comfortable with allowing an app to manage my notifications and ringtones. Too many of them manifest weird bugs that result in missed calls or messages. I can't think of any compelling reason to have removed this seemingly basic functionality from the OS except that some engineer thought to himself, "I don't use this feature." and removed it without thinking things though.
I don't identify as an atheist or agnostic. Non-religious is more appropriate since I really don't give a shit about religion or whether cosmic sky daddies exist.
I don't care how you identify. Your smug sense of superiority tells me all that I need to know.
Technology has changed. The NSA doesn't have 1 in 10 people informing because it's no longer necessary and they don't have the budget for it. Instead, they just intercept all electronic communication (or at least every bit they can get their hands on). They have ceased focusing on intercepting just people of interest, now they want to grab it all.
It's called traffic analysis. Frankly I don't have a problem with what they're doing, but saying so around here is political suicide. Bad actors use modern telecommunications systems; traffic analysis is one of the tools we have in the box to deal with them. Historically the Western Countries (the US/UK in particular) are very good at signals intelligence. It has a history of saving lives and shortening conflicts. In any case, nobody knowledgeable has ever truly expected privacy when it comes to communications sent in the clear.
I'll leave you with this: People of good conscience can disagree on the merits or need for what NSA is doing. I respect your opinion on the matter but not the hyperbole that you've attached to it or the FUD that others (not you, FWIW) are spreading on the subject. NSA is not that interested in you or me and they're certainly not STASI. Statements like that we can do without.
Yeah, except for the fact that we're sitting here openly talking about it. Or the minor little detail that you don't have to worry about 1 in 10 (some studies say 1 in 6) of your neighbors being informers for a Government that will shoot you dead if you attempt to emigrate.
Seriously, these comparisons are about on the level of the standard issue Nazi analogy. It's pure hyperbole at best and deliberate ignorance of history at worst. It's also a tad bit offensive to people who actually grew up in the East Bloc and have a taste for what genuine oppression feels like.
By your definition I am a bigot then because I think all religion is stupid
But it doesn't change the fact that I think everyone would be happier if they stopped believing stupid nonsense.
bigot
noun: bigot; plural noun: bigots
a person who is intolerant toward those holding different opinions.
Seems to fit to me. I can see now that you're a true believer. True believers frighten me very much, be they theists or atheists; anyone who is convinced that he has all the answers and those who disagree clearly aren't as enlightened as he is. You have closed your mind to the viewpoint of those who could add much needed perspective and diversity of opinion to your worldview. It would be laughable if the consequences weren't so often deadly.
Slashdot Mirror
Good for you. My ntpd server served over 100,000 unique clients in the last hour and has been running without any issues whatsoever fully exposed to the internet since 2006. And that's a "young" server by the standards of the ntp community.
Your welcome to use whatever software you wish but there's no reason whatever to put down the efforts of another FOSS team of volunteers other than to be a smug superior asshole.
Thank you for your work on behalf of NTP and the ntpd team. :)
I have a long standing interest (obsession) in time, going back to my childhood days where I would synchronize all of the clocks in the house. ntpd is easily one of my favorite pieces of software and I've kept at least one server in the NTP Pool since 2006. I sold the first server to my boss as a means to monitor the stability of our connection while giving something back to the internet community, then got a static IP on my home connection so I could run one there, then deployed a few servers to other locations as time and money allowed. Right now I'm down to one, my personal server, but it's on a 50mbit/s connection and serves around 500-600k requests per hour.
Out of all of the software that I run that's internet facing ntpd is the daemon that I worry about the least. It has a solid security track record and anyone who bothered to read the Wikipedia article about it (never mind research the history of the software the old fashioned way) would know this....
imo, when you go for that last nanosecond of accuracy as the highest priority
That's kind of the whole point of a timeserver. If you're just running a typical client that doesn't need precision there are a multitude of SNTP implementations that you can use, including the one built into Windows. If you're running something that demands precision or wish to share your time with others (random plug: NTP Pool) you're going to need a little bit more accuracy than that.
and lower the priority of writing secure software to the point where it is no longer a priority, then you have ntp.
ntpd has been around since the 80s. Contrast it against other system daemons that have been around that long (sendmail) and you'll see that it has a solid security record. The recent "exploits" only impacted a small subset of servers that were using the cryptographic functionality of ntpd, which is primarily used for remote management and peering relationships and was a non-issue for the lion's share of configurations. Configurations to work around the issues were released immediately and a patch to solve them entirely was available within days. What more do you want? This was all discussed on the NTP Pool mailing lists and the consensus was "meh." I'm not aware of any NTP server that has been compromised because of these exploits.
The biggest issue that's hit ntpd in the last year was the ease with which you could use the 'monlist' command for amplification attacks. This too was easily solved with a configuration change and in any event did not compromise the integrity of the servers running ntpd. It's symbolic of a larger problem that has hit other protocols (DNS) and which will never go entirely away until network operators get off their lazy asses and implement the recommendations of BCP38.
I wrote a super secure interactive hello world once, so the user could see "hello world" in any language of their choice:
int main (int argc, char **argv) {
char hello[256];
gets(hello);
printf("%s\n", hello);
return 0;
}
Works best when run with root permissions. :)
The easiest way to visualize Microsoft's business strategy is to envision an ant trapped in a maze. The ant hits a wall, waves her antennae around a bit, picks a totally random direction and tries again. Rinse and repeat until the ant finds her way out of the maze or starves to death.
You don't NEED it but I think it's GOOD PRACTICE to have it. Do you trust Windows enough to be sure that no one can access your file shares if they're on the same LAN segment? Do you trust your closed-source TiVo enough to know that the folks at TiVo (or a black hat) can't remote into it and explore your network if they're so inclined? I don't. Why does my TiVo need to be in the same broadcast domain as the file server that contains my complete financial history and e-mail archives going back to 1991?
I have three VLANs. One for completely trusted devices, one for untrusted devices (the Android phone sits on this one, incidentally) that need internet access, and a third one for friends/guests that wish to use my Wi-Fi. They do not talk to each other. There's no reason for them to.
About the same time the ridiculous mandate was placed on the USPS to forward fund all their employees' benefits for the next 50 years
Why is that a 'ridiculous mandate'? Do you feel like bailing out those generous pension promises in a few decades when the USPS can't pay the bill? Like we've done with so many private sector corporations that have failed to meet their pension and healthcare obligations?
The mandate is very painful for USPS but it's a comparatively short term pain that should solve a long term problem. Frankly I wish we could do a similar thing with the ticking time bomb in certain States, though at the end of the day it's entirely up to them, since Uncle Sam has precious little power to compel change at the State level.
That's what VLANs are for. It's easy enough to segment your home network into trusted and untrusted devices if the 'untrusted' ones derive usefulness from being internet connected. One can provide them with access to the internet without having access to all of your personal data.
Somewhere between "impossible" and "as easy as throwing a chair across the room."
BTW, here's a quote that sums it up rather succinctly, emphasis mine:
“In Europe right now there’s a tremendous amount of anti-immigration sentiment,” Daniel Benjamin, a former U.S. counter-terrorism official now with the Brookings Institution in Washington, said on Bloomberg Television. “The danger here is that we see ever greater confrontations, provocations and the like, and that will drive radicalization. That is a very difficult thing for the authorities to manage.”
I implied nothing of the sort but feel free to keep reading things that aren't there. Bonus points for the equation to rape victim blaming. Did you borrow that one from the Democrats? Interesting choice given your signature line.
I highly doubt any one of the victims of this heinous crime are responsible (directly or indirectly) for French economic and immigration policy. Does that satisfy you? I'm guessing it won't.
France has marginalized 7+% of her population. This breeds resentment and makes it that much easier for people to make irrational decisions. Blinding yourself to this reality helps no one. I am not excusing the behavior. Nor am I really attempting to explain it.
There is no explanation or justification for this but the sad truth of the matter is that such incidents are going to continue. What do you suggest doing about it? Walling off a large portion of your population into de-facto ghettos is not a winning strategy in the long term. The only way to defeat an ideology is to demonstrate that your own is superior; treating 7% of your people as second class citizens does not seem like an effective way to do that, from my perspective, but what do I know?
Europe needs to figure out how to welcome and assimilate immigrants, as the United States and Canada do, or just man up and close the borders. Either outcome would be preferable to the status quo. The current situation benefits no one.
I'd say pretty much every part of that rover has performed well beyond anything it was ever expected to.
All except for The Illudium Q-36 Explosive Space Modulator.
And you think a spinning hard drive with platters and heads would be a better choice for a spacecraft that has to endure several G forces worth of acceleration at each end of the trip? Or perhaps it's a better choice to use magnetic media than solid state in high radiation environments like interplanetary space?
Attacking, with extreme precision, those who committed or are responsible for the attacks, is completely justified. I was speaking against larger-scale retaliation against muslims as a whole, which a surprising number of people seem to feel justified.
I haven't seen anybody outside of a few chickenshit ACs actually suggest such a policy. Certainly no mainstream policy-maker has come forth and suggested doing so. Even the so-called "hard right" in Europe and North America doesn't advocate going that far.
Voila! It is France's own fault and they deserve what violence they get over it.
I said nothing of the sort. But it's rather hard to dispute the fact that they treat their immigrant community like shit and that in so doing they've made it that much easier for their youth to become radicalized. When you marginalize an entire population you can expect them to become a tad bit resentful about it. Does that justify this behavior? Of course not.
We should not attack them in retaliation
Huh? Self-defense is not 'retaliation'; neither is bringing those responsible for the commission of heinous crimes to justice.
All that just makes it easier to convince impressionable youngsters to take up arms or stupidly blow themselves up in crowded places.
Youngsters don't take up arms and blow themselves up because they're impressionable. They do so because they don't perceive that they have any better options. Take a hard look at the youth unemployment rate in France and the manner in which the immigrant Muslim community is treated. When you ostracize 7% (5M / 66M) of your population such outcomes are wholly predictable.
The solution to terrorist recruitment in the West is to actually give these disaffected groups some buy-in to society. The solution in the Middle East is to build those countries up to First World standards of living. That won't get rid of the die hard true believers but it sure will cut down on their recruitment campaign.
If it was a truly regulated public utility it might work. Right now the system we have is the worst of both worlds. Take a look at what happened to wireline voice services. POTS is and always has been a tightly regulated product, with requirements for reliability, up-time, and a mandate to serve everyone regardless of how rural or unprofitable it might be to reach them. The result was affordable wireline voice service that's available virtually everywhere in CONUS. Service that is now being killed off by two factors:
1) The emergence of wireless.
2) The emergence of wireline competitors (the cable co) that don't have to meet any of the aforementioned "must serve" or reliability metrics.
Item #2 is the one that gets my goat. The cable companies market their voice product as "phone" service when it's really anything but. It doesn't meet the five nines of reliability that POTS has; they can't even keep it working during power outages. It's not available everywhere. They get to cherry pick profitable markets and swipe the very customers that the ILEC most needs to maintain their infrastructure, all the while delivering a considerably inferior service that leaves many consumers high and dry at the very time they most need reliable communications. Is it any wonder that Verizon and AT&T want out of the landline business so badly? Would you remain in a business with huge legacy costs and regulations that's forced to compete with outfits that have neither?
If you're serious about the "regulated utility" option then what you're really talking about is bringing back Ma Bell. That's the only way it's going to work. You can't have a marketplace where you have one or two regulated utilities that have to operate under onerous rules while more nimble competitors are allowed to swoop in without having to meet any of those same regulations. Google Fiber is a product that makes people around here salivate but they're cherry picking profitable markets one by one and leaving everybody else high and dry. Would you trade the ability to see exciting new upstarts like Google Fiber for a system where we have a regulated Ma Bell that's promised a small but steady profit and no competition?
Does it also come with UI regressions, like the change around 3-4 that turned putting the clock into night mode from a one-tap operation into a 4 tap sequence?
My favorite Android "upgrade" was the removal of the ability to set separate notification and ring volumes. Now they're linked together and there's no easy way to mute notifications at night while keeping the ringer on. There are third party apps of various quality that will do this but I've never been wholly comfortable with allowing an app to manage my notifications and ringtones. Too many of them manifest weird bugs that result in missed calls or messages. I can't think of any compelling reason to have removed this seemingly basic functionality from the OS except that some engineer thought to himself, "I don't use this feature." and removed it without thinking things though.
I don't identify as an atheist or agnostic. Non-religious is more appropriate since I really don't give a shit about religion or whether cosmic sky daddies exist.
I don't care how you identify. Your smug sense of superiority tells me all that I need to know.
Technology has changed. The NSA doesn't have 1 in 10 people informing because it's no longer necessary and they don't have the budget for it. Instead, they just intercept all electronic communication (or at least every bit they can get their hands on). They have ceased focusing on intercepting just people of interest, now they want to grab it all.
It's called traffic analysis. Frankly I don't have a problem with what they're doing, but saying so around here is political suicide. Bad actors use modern telecommunications systems; traffic analysis is one of the tools we have in the box to deal with them. Historically the Western Countries (the US/UK in particular) are very good at signals intelligence. It has a history of saving lives and shortening conflicts. In any case, nobody knowledgeable has ever truly expected privacy when it comes to communications sent in the clear.
I'll leave you with this: People of good conscience can disagree on the merits or need for what NSA is doing. I respect your opinion on the matter but not the hyperbole that you've attached to it or the FUD that others (not you, FWIW) are spreading on the subject. NSA is not that interested in you or me and they're certainly not STASI. Statements like that we can do without.
That sounds about like the scale of STASI to me.
Yeah, except for the fact that we're sitting here openly talking about it. Or the minor little detail that you don't have to worry about 1 in 10 (some studies say 1 in 6) of your neighbors being informers for a Government that will shoot you dead if you attempt to emigrate.
Seriously, these comparisons are about on the level of the standard issue Nazi analogy. It's pure hyperbole at best and deliberate ignorance of history at worst. It's also a tad bit offensive to people who actually grew up in the East Bloc and have a taste for what genuine oppression feels like.
By your definition I am a bigot then because I think all religion is stupid
But it doesn't change the fact that I think everyone would be happier if they stopped believing stupid nonsense.
bigot
noun: bigot; plural noun: bigots
a person who is intolerant toward those holding different opinions.
Seems to fit to me. I can see now that you're a true believer. True believers frighten me very much, be they theists or atheists; anyone who is convinced that he has all the answers and those who disagree clearly aren't as enlightened as he is. You have closed your mind to the viewpoint of those who could add much needed perspective and diversity of opinion to your worldview. It would be laughable if the consequences weren't so often deadly.
Finding things that kill bacteria is easy.
Like handguns? :D
Finding things that kill bacteria and do not significantly harm the host, now that is the hard part.
Details.