e...@thyrsus.com said:
> * an Anker 10-port powered USB hub, because Mark turned out to be
> unsurpringly right that el cheapo unpowered hubs aren't stable
> enough (ordered)
I'm missing something. What is that hub for? Are you using it to power all
the Pi-s?
USB provides 100 mA by defau
e...@thyrsus.com said:
> Yes. I had been using a tiny 4-port unpowered hub, and seeing occasional
> failures that looked like the Pis might not always be getting the amperage
> they needed. They were sporadic ...
I'm surprised the screwups weren't more frequent.
--
These are my opinions.
e...@thyrsus.com said:
> See my reply to Gary and your text about NATs and firewalls. Nobody has
> convinced me that this procedure *isn't* taking security seriously, nor will
> they until I understand how any machine other than the one I port-forward to
> is visible to outsiders.
Your mention
The parts list should probably mention power. You either need a wall-wart
type unit or a USB A-to-micro-B cable and a place to plug it in to steal
power.
I think the "Download the 2016-03-18 Raspbian Lite image zip file to your host"
step should have a wget line that can be cut-pasted.
"If
e...@thyrsus.com said:
> Would it suffice to say "Never put a Pi on an un-NATted address until you
> have removed the default account?"
I don't think that's quite good enough.
What are your longer term plans for this document? Is it going to live on
www.catb.org forever, or migrate to someplac
e...@thyrsus.com said:
> There's a simpler way. First step becomes changing the default-user
> password using a local display and keyboard, *before* the Ethernet is
> plugged in.
I like it. The disadvantage is that you may need some adapters. Has the
world switched to HDMI yet? (I'm still us
e...@thyrsus.com said:
> Now that I'm thinking about it - probably the NTPsec site should have a
> HOWTOs category, and both this thing and both time-service HOWTOs should
> move there. Later to be joined by others.
> But I'm not wedded to that plan. Do you have a better or different idea?
I li
e...@thyrsus.com said:
> No doubt you're right, but I don't think that sort of bug will hit us until
> we change kernels - that is, unpin the image we're using. I'll add such a
> warning then.
Do we need a warning about NOT running apt-get update/upgrade?
> Better yet, we provide a script,
> Not immediately; there's still the Odroid C2 and BeagleBone to do.
Forget them. They aren't worth your time.
There aren't any HAT equivalents for BeagleBone and the Odroid web site is
broken enough that I couldn't even order one.
---
There is actually a Cape with GPS but it also has GPR
e...@thyrsus.com said:
> The deal we've struck with them is: They supply the hardware, we'll do the
> software integration. I think they're our best bet for a real single-board
> solution.
I don't think we want a single board solution. It won't track new versions
with newer CPU chips, or if i
e...@thyrsus.com said:
>> OCXOs are big, power hungry, and expensive. Why do you want one?
> To minimize drift during loss of sat lock, of course.
Do you have any idea how big a can of worms you are opening?
Low end OCXOs will double the cost of Pi type setup. Good ones cost a lot
more.
How
fallenpega...@gmail.com said:
> Is there a ntpsec.org SMTP server?Google and O365 are starting to clamp
> down harder on sending emails with From addresses other than theirs.
I must be running slow today. I can't quite figure out what the problem is.
The usual problem is something like goo
e...@thyrsus.com said:
> One of the HOWTO's premises is that you have zeroconf. If you're only going
> to use it on your LAN, not make it public, you can get away with giving a
> .local address in your other configs. I'll add a clarification.
I thought part of the goal was to get more pool serve
e...@thyrsus.com said:
>> fudge 127.127.22.1 refid PPSU time1 0.100700
> *Trailing* edge? That's disturbing. I thought previous observation had shown
> that the Adafruit hat reports rising edge. If this so, whether we catch the
> rising or falling edge is variable based on more things than just
dtpoi...@gmail.com said:
> Is there a consensus on DDNS? There are a few services which offer 'free
> dynamic DNS service':
...
> Would it make sense to bake DDNS registration into the recipe and move away
> from IP numbers?
What problem are you trying to solve?
The reason for using dynamic DNS
It looks like you are missing /usr/include/linux/rtnetlink.h
Do you have kernel-headers installed?
It builds on FreeBSD without rtnetlink.h so there is probably something more
complicated going on.
Does your net/route.h define rt_msghdr? That's where it comes from on
FreeBSD. Or anyplace els
dan-...@drown.org said:
> I've found the built-in measurement to be useful. I have this
> configuration:
Yes, but you have to be suspicious. Consider a PPS over USB setup without
any fudging. Without any other clock sources, you can't tell that the
histogram is actually offset rather than c
I'm chasing a couple of cases where it's not working.
--
These are my opinions. I hate spam.
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
> If you system has Linux Capabilities enforced then you need: CAP_SYS_TIME
The problem was that I didn't have libcap_devel installed so it dropped root
without hanging on to any capabilities. (or something like that)
Somebody should have died back at the configure or build step.
--
These ar
Does the mailing list package you are using have the option to convert
everything to plain text?
HTML stuff is a pain, but I can usually read it. base64 requires more work
and grep won't work.
Is google smart enough to decode base64 in things that look like mail?
--
Dan sent a reply to
g...@rellim.com said:
> I have changed some "server" statements to "minpoll 4". That changes the
> NTP polling interval from 64 seconds to 32 seconds. Since an ARP entry is
> elligible for eviction at 60 seconds that is a nice cushion.
Either one of us can't count or there is a typo in there.
g...@rellim.com said:
> Yes, but then that would only work for some version of Linux. Changing
> minpoll fixes all OS, and keeps the change local to avoid unintended
> consequences.
Only if they have a timeout in the right range.
You probably want to change maxpoll rather than minpoll.
>> I
> I'll track this down tomorrow. I have a pretty good idea where it might be.
The immediate problem is a signed/unsigned mixup. argc has gone negative and
a (u_int) that I probably added to squash compiler warnings isn't bailing on
the loop that's grabbing the rest of the arguments as host nam
g...@rellim.com said:
>> > Changing minpoll fixes all OS, and keeps the change local to avoid
>> > unintended consequences.
>> Only if they have a timeout in the right range.
> Oh, it is in the right range. Linux by default has a gc_timeout of 60
> seconds. Anytime after that Linux may delete th
> First set of graphs is just a normal configuration.
Nice work. Thanks.
I think it would be easier to understand the graphs if you showed only the
round trip time. The other stuff is just distracting.
I think it would help to add a few words describing the source box and target
box. Hardwa
[context is missing sys/capabilities.h and/or libcap]
>> Somebody should have died back at the configure or build step.
> OK, that's a bug. Please file an issue against the build system.
https://gitlab.com/NTPsec/ntpsec/issues/70
waf should die if it can't find sys/capability.h on linux
--
The
e...@thyrsus.com said:
> as I now judge the Uputronics board to be a better recommendation
How did you decide that?
Is the Adafruit HAT good enough? What's the price difference delivered to
the US?
--
These are my opinions. I hate spam.
___
de
Has anybody else noticed any problems?
I've seen it a few times.
The symptom is no output. cat /dev/ttyUSB0 never prints anything. Neither
gpsmon i nor gpsd could get it going again. unplug then replug gets it going
again.
I haven't seen similar troubles with 601Ws on Pi-B or Pi-2.
I jus
> I just swapped the 701 on a Pi-3 with a 601 on a Pi-2.
That didn't take long. The 601 just hung on the Pi-3.
--
These are my opinions. I hate spam.
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
oli...@mutability.co.uk said:
> Do you trust your power? The Pi 3 is even more picky than the Pi 2.
Thanks. That could be the problem. Meter says 4.8V. I didn't get out a
scope to look for dips below that.
g...@rellim.com said:
> Everyone should have a USB V/A meter, they are cheap. Here is
e...@thyrsus.com said:
>> I donât think the issue is that the board designers cut cost -
>>thereâs power regulation on the boards.
> I'm sure there is. But not a lot of it. Many are the reports of problems
> in the presence of wobbly power - I'd heard a few myself even before I
> started wor
> And what do you call a 'real' meter?
Something that is likely to be accurate. It will cost more than $5.
I have a Fluke 112. I got it because we had one at work and I liked it.
It's old enough that they don't make them any more. I'm not sure what I
would get today.
> Any modern meter sh
dfoxfra...@gmail.com said:
> I'm on the fence as to whether this bug is bad enough to merit tagging a
> release right away. Both NTP.org and the Redhat folks who discovered the bug
> are downplaying it, but I'm leaning toward yes given that even *legitimate*
> leap seconds have a long history of c
Newer Pis have the power going in the side rather than end. That's going to
make a similar rack difficult to assemble.
> But I'd hate like hell to have results from a multi-day profiling run
> ruined. Preventive measures seem required.
Get used to it. There are all sorts of reasons why multi-
An issue I started got spammed, so I got a copy by email.
https://gitlab.com/NTPsec/ntpsec/issues/71
Does gitlab want to know about things like this? How does who make it go
away?
He also spammed openprinting.org with a different URL but also on tumblr.
--
These are my opinions. I hate
g...@rellim.com said:
> Click on his Icon in the issue, then on the top left of the nwe paeg is a
> small icon to report his abuse.
Thanks. It's gone, so somebody got to it before I got a chance to try your
recipe.
--
These are my opinions. I hate spam.
_
Nice. Thanks.
I'm assuming that the major decision on what we call 1.0 will be political,
aka Mark's call.
An item I would put on the list would be a written recipe/checklist for how
to do a release. I think when we get into "real" releases, that recipe will
need several branches:
one for
e...@thyrsus.com said:
> False modesty would serve our planning needs poorly so I'm just going to say
> straight out that if *I* can't get my head all the way around the fscking
> hairball (and so far I clearly can't) the list of people who could plausibly
> manage it is pretty damned short. One
e...@thyrsus.com said:
[release recipe/checklist]
> You've been agitating for this for a long time. And reasonably so, but I
> don't see anyone stepping up to write it. Can you do it?
I'll be glad to edit, but I don't know what the steps are.
--
These are my opinions. I hate spam.
__
>> I can add driver 8 mode 5 & mode 133 to that list. For whatever reason
>> the PPS mode actually seems to work better; or at least in the peer list
>> the PPS lock is quite stable, whereas the original ntpd would lose it
>> quite often (dropping from "o" to "*").
> That's interesting. It seems
[resend to fix typo in cc list]
dfoxfra...@gmail.com said:
> I want to test things at the *user-visible* level. Automate the process of
> supplying configuration files that exercise a variety of functionality,
> running them on real hardware and real networks, and monitoring the results
> with ntp
dfoxfra...@gmail.com said:
>> What's the time scale? How long will distros continue
>> running old "stable" versions?
> Five years is the high end of the typical range and a good thing to shoot
> for.
Thanks.
Handwave. Suppose we do a release every 6 months. I'm assuming we will
support the
g...@rellim.com said:
> On the HDMI I need a dedicated screen, or switch back and forth from my desk
> top to the Pi on the same monitor. Also, if my edid is not 100% correct I
> need to get right the aspect ration, refresh rate, height, width, overscan,
> pixel encoding, etc.
I have a 4 port K
> A clean build wasn't enough, I actually had to re-configure.
I have a script that does a build. One of the early steps is deleting the
build directory.
--
These are my opinions. I hate spam.
___
devel mailing list
devel@ntpsec.org
http://lists.
e...@thyrsus.com said:
> But I can't get from your summary description to code. So I need a white
> paper from you on applying this technique that turns that theory into
> actionable advice. How to we test? What do we test? What are our
> success-failure criteria?
We don't need a yes/no answ
e...@thyrsus.com said:
> The need for that kind of manual intervention seems like a crash landing to
> me. It suggesrs that there's no way to package up this hypothetical test
> suite so that users can run it after building the software.
I wasn't trying to solve that problem.
I started by assum
e...@thyrsus.com said:
> au RasPi 2 Blue-wired SKU 424254
> cu RasPi 3 Uputronics GPS HAT
> fe RasPi 3 Adafruit GPS HAT
> nd RasPi 3 Adafruit GPS HAT
> ne RasPi 3 Adafruit GPS HAT
> xe Odroid C2Adafruit GPS HAT
I sugges
bellyac...@gmail.com said:
> By configuration I really meant, one could write a fairly simple overlay
> file that would load on boot. Basically automagically with the eeprom on
> the cape to identify it. The UART overlay files are all shipped standard
> now, one still needs to write one for th
We had a discussion several months ago, but I don't think we actually decided
what to do.
The current scheme is broken because I can't easily tell a pre-release
in-development version from the released version.
I know of two ways to fix that. One is to put a suffix on the in-progress
version
e...@thyrsus.com said:
> You're right. Requiring registration to post bugs is imposing unacceptable
> overhead.
I think it's reasonably common. Without registration or a captcha or some
equivalent pain in the ass, the spammers take over.
We could setup a mailbox or form on ntpsec.org with so
There is a typical discussion/flame-war in NANOG about Netflix blocking HE's
IPv6 tunnels. That reminds me that we should be sure we are testing IPv6.
Is anybody running a system without IPv4?
What sort of strange cases should we be testing?
---
Even if you don't have an IPv6 connection t
The initial symptom is a warning from clang 3.8.0 on a Raspberry Pi.
../../libntp/systime.c:460:37: warning: variable 'tvlast' is uninitialized
when
used here [-Wuninitialized]
Why didn't any of the other tools notice this? The code isn't particularly
complicated.
A diff with curr
fr...@nicholasfamilycentral.com said:
> I do have IPv6 available - I run dual stack. I could setup a Pi with only
> IPv6...
Thanks.
I'm not expecting any troubles. The testing I've done works fine. I'm just
fishing for ways to get more eyeballs looking for quirks and/or potentially
useful p
> Ntpd is running as user nobody, whom can't write to that directory.
Hopefully that is user ntp rather than nobody.
The file permissions need to be setup for log files as well as the drift file.
--
These are my opinions. I hate spam.
___
devel m
> I made it nobody, mod 777, and still no luck
I'm not sure what "no luck" means.
It doesn't get written at shutdown. I think ntp-classic used to do that a
long time ago. I remember some comments about fixing it. I don't remember
the reasoning.
--
These are my opinions. I hate spam.
_
bellyac...@gmail.com said:
> The logfile set to /var/log/ntpd.log is root:root. I'm not getting errors
> there, gathering that it was opened before privileges were dropped.
I think that will break if/when we fix ntpd to cooperate with logrotate or
newsyslog.
The stats files roll over occasio
bellyac...@gmail.com said:
> things have stabilized. The something on the order of once an hour or so
> from there on out.
> Have I misunderstood that?
I think that's right, but there is another layer that suppresses writes if
drift hasn't changed much. The idea is to reduce wear on flash s
e...@thyrsus.com said:
> You are suggesting that this is not so - that as long as we open log files
> before privilege-dropping the ntp user/group pair isn't necessary at all. If
> true I would mildly prefer to do things that way, it's simpler.
There are 2 types of "log" files. There is ntpd.lo
bellyac...@gmail.com said:
> Thanks for that. Is that documented somewhere that I've missed or
> overlooked? Or is this buried in the code somewhere that will be harder
> for someone such as myself to understand, figure out?
I didn't find it in the documentation. It's in the code: write_stats
e...@thyrsus.com said:
>> Why didn't any of the other tools notice this? The code isn't
particularly
>> complicated.
> I don't know. It does seem like the sort of error a static analyzer should
> spot.
Should we feed them a test case?
e...@thyrsus.com said:
> The assignment to tvlast doesn'
g...@rellim.com said:
> logrotate does not make files, it restarts ntpd, so ntpd can make the new
> file. Which has all the problems of restarting ntpd.
The logrotate I'm familiar with has the option to make the new file after
renaming the old one. (I may be confused by the netbsd/freebsd ve
e...@thyrsus.com said:
> My plan was to encourage you to elaborate - *and explain* - your favorite
> odd features for your local config, then work with you to prune it back to
> someting we might ship.
You are letting Gary suck you down ratholes.
I think you need to think hard about what your g
I'm fixing a minor typo.
I see {ntpdman} and +{ntpd}+ and {ntpd}
--
These are my opinions. I hate spam.
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
e...@thyrsus.com said:
> I am attempting to assemble a gallery of working ntp.conf files that we can
> ship with the HOWTO. My intentions include adding these to the NTP
> documentation as tutorial examples.
You are diving down another rathole. Save that for another day.
For the HOWTO, you sho
g...@rellim.com said:
> # The iburst option tells ntpd to query the pool serers with bursts ins=
> tead
> # of single requests. This can yield better results to remote servers.
Are you confusing iburst with burst?
Is it worth describing iburst here? Should we setup a FAQ for that sort
e...@thyrsus.com said:
>> I can't find an include file directive in ntp.conf?
> There isn't one. Eventually, for reasons related to the refclockd split, I
> know I'll have to fix that.
There is one in the parser: includefile. I haven't tried it. I remember
scanning something recently (code o
[country code in pool command]
> I'm thinking about having clockmaker do that edit. I think it's possible.
Maybe, but the pool doesn't support all countries (not enough volunteers) so
that code will need to track the actual pool details and I don't think they
make that information available in
g...@rellim.com said:
>> Are you confusing iburst with burst?
> Probably. The official descriptions are essentially identical, and the
> iburst seems a tad nicer to my eye. But we know that reading between the
> lines is not useful with NTP doc. :-(
iburst happens at startup time. That includ
matthew.sel...@twosigma.com said:
> clang as shipped with Xcode 7.3 did notice and an issue was raised:
> https://gitlab.com/NTPsec/ntpsec/issues/51
We need to do a better job of tracking issues.
Can we setup a mailing list that will get a message whenever an issue is
created or updated?
--
e...@thyrsus.com said:
[collecting ntp.conf]
>> You are diving down another rathole. Save that for another day.
> I think the time is now. We wouldn't have been able to put off really
> documenting this range of topics much longer, anyway. Has to happen
> before 1.0. ...
I agree that collectin
>> What are you using for ntp.conf on your test setups? Does it work?
> http://www.catb.org/esr/faqs/stratum-1-microserver-howto/ntp.conf
Aside from the 3 good servers tangle, it looks good.
When you switch to pool, you will have to remove the nopeer from the restrict
lines.
Issue #79:
pool
g...@rellim.com said:
> # The iburst option tells ntpd to query the pool serers with bursts ins=
> tead
> # of single requests. This can yield better results to remote servers.
That part is just wrong.
iburst tells it to send the first few requests at 2 second intervals rather
than wa
> GPS module is a ST22, SkyTraq Venus 6 chipset.
[ntpq -p shows PPS link off by a second.]
It's a gpsd bug/quirk. I've seen the same thing on a PC with a Venus chip
connected via USB.
I mentioned it a month or two ago but it fell through the cracks.
My case occasionally flips from one mode to
> Can you send me the output of this when it fails:
Not anytime soon. It's working correctly and I can't predict when it will
fail.
g...@rellim.com said:
> Well, then not the case at hand. the current problem is two edges per
> second, 500 milliSec apart.
How would an extra pulse at 500 ms
> Are they all suboptimal?
How about way out of date.
The pool got started before the pool command existed and/or distros are/were
running old versions of ntp. Using several server lines was/is a way to use
the pool without saying "pool". Early versions of the pool command may not
have worke
e...@thyrsus.com said:
> That's odd. The normal semtence budget including GPGSV should fit inside a
> second. Are you getting some kind of $PMTK thing that pushes it over?
I'm using gpsmon to watch the output. There is a pause every second. That's
measuring by eyeball.
Here is a typical se
> There is a GPGGA listed up high in the Sentences block but I haven't seen one.
Blush. It was right in front of me. See below.
g...@rellim.com said:
> gpsd assumes that the fix data for each second starts to arrive just after
> the beginning of the second. But yours starts so close to the en
e...@thyrsus.com said:
> ntpq has dangerous operations that tweak parameters of the time-sync
> algorithms on the fly - operations that can be triggered remotely. Or so I
> gather from things Hal Murray has said; my outside view is weak here, I've
> never explored those operatio
e...@thyrsus.com said:
> What you should see is the PPS bar, followed by a sentence burst, followed
> by a pause. If the burst is wrapping into the next second, it will be
> instantly obvious because the burst won't finish (no pause) before the next
> PPS bar.
Mail crossing in the night. The b
g...@rellim.com said:
>> The pool command hasn't been in the middle of this sort of sharp eyed=20
>> scrutiny. I won't be surprised if there are bugs or quirks.
> Well, if we can't prove it is better I would not be in a hurry to use it.
Please give it a try. We can't possibly prove anything if
e...@thyrsus.com said:
>> Mail crossing in the night. The burst is starting one sentence before the
>> PPS not starting in the middle and overflowing into the following second.
> That's... very weird. I've never seen it happen.
> It sounds as though for some crazy reason the GPS is delivering t
e...@thyrsus.com said:
>> ntpq can be used to tweak things, but it takes a password.
>> I've never used it that way.
> And if *you* haven't...I begin to wonder if 99% of the userbase even knows
> this feature exists.
> I'm sorely tempted to just rip everything password-protected out of ntpq and
>
fallenpega...@gmail.com said:
> While we are at 0.9.*, there isn't a need to distinguish pre-release-under-
> development and "release". Our users so far seem to be quite willing to
> pull from tip, or pull from the most recent tag, depending on what they
> intend. The security researchers look
g...@rellim.com said:
> Gack. Something about how burst works was bugging me. So I put tcpdump on
> it. I don't see any difference between burst and not having burst... I'm
> not saying it does not do anything, just not anything immediately obvious.
burst only matters if the polling interval
g...@rellim.com said:
> You need to do more than shutdown ntpd to get back to pre-ntp initial
> conditions. For a real good test you need to set the system clock off by
> maybe a minute, or an hour ,or maybe back to 1970. Remove the drift file.
> Remove the battery from you GPS. And probably re
e...@thyrsus.com said:
> # This does everyting but the battery removal.
Consider leaving the battery out of (at least) one system so the GPS cold
start case is easy to test. I think at least some GPS units have a software
restart option that does the same thing.
Are there any cold-start case
> Does a simple void cast work? E.g.:
> (void) strerror_r(...)
I haven't found the magic using that approach.
../../ntpd/nts.c:214:16: warning: ignoring return value of âstrerror_râ,
declared with attribute warn_unused_result [-Wunused-result]
(void) strerror_r(errno, errbu
> New warning on arm64:
Also happens on Fedora, both 64 and 32 bit.
Is it reasonable to fix the CI system to complain about warnings except for a
(hopefully short) list of known ones that we can't fix?
--
These are my opinions. I hate spam.
___
> I'm unaware of any we can't fix, except the bison one.
There are several others.
>From old CentOS:
> ntp_parser.tab.c:389:6: warning: "YYENABLE_NLS" is not defined
> ntp_parser.tab.c:1323:6: warning: "YYLTYPE_IS_TRIVIAL" is not defined
>From NetBSD on a Raspbery Pi:
> /usr/pkg/lib/libpython2.
Gary said:
> I fixed the libjsmn missing default one.
Thanks.
And thanks to whomever fixed the MacOS glitch.
--
These are my opinions. I hate spam.
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
The old code had several cases where there were 2 counters for things like
received NTS packets, total and bad. I changed that to good and bad.
A mix of old/new ntpq/ntpd won't show the total or good.
--
There is a lot of crap out there on the big bad internet.
NTS KE serves good:
I'm seeing things like this when doing ntpq -p to a far away site with lots of
opportunities for lost packets.
***No information returned for association 21216
Has anybody seen anything similar?
I only started seeing it recently. It's probably because my DSL line has gone
flaky. I don't r
Thanks.
There is another quirk that seems related to retransmissions. I forget the
details. I'm pretty sure there is bug report on it.
> I do remember that there was a very old issue with flaky behavior of ntpq
> over WiFi that we thought might be due to a bug in the fragment reassembly
If I
g...@rellim.com said:
> I would go further and say that order matters not at all. What matters is to
> start both as root. Depending on whether I am working on gpsd of ntpd I will
> just keep restarting the one I am working on. Never an issue.
How do you configure ntpsec?
I think the order
> It's one of the few times I've gone on an expedition like that and completely
> failed. Whatever it is, it's not going to be obvius.
Here is an interesting possibility. How about the code is working as designed
but the parameters are set wrong. Maybe not "wrong". How about "not
agressiv
I just updated the NTS code to include a Copyright, copied from another module.
If this isn't appropriate, please tell me what it should be.
/*
* nts_cookie.c - Network Time Security (NTS) cookie processing
* Copyright 2019 by the NTPsec project contributors
* SPDX-License-Identifier: BSD-4-
Gary (on users) said:
> Sure feels like a droproot permission problem.
It's a feature, not a bug. ;(
If gpsd runs first, it needs to set things up so user ntpd can write to the
SHM it creates. ntpd would have the same problem if gpsd had an
early-droproot.
Can we fix this by putting users
I'm close to finishing cleaning up all the FIXMEs I had left behind.
What's next?
There are 2 major items on my list:
More and/or alternate certificate checking.
There are lots of possibilities in this area. I haven't found one that
looks clean and simple. We can afford modest amounts of
> I just realised something: LetsEncrypt certs are max 90 days. When I renew
> them, will I need to restart NTPd?
Interesting timing. Richard's recent message reminded be of that issue.
Currently, you have to restart NTPD.
There is already code for doing things like that on SIGHUP. We need
The "JUNK" stuff is for debugging NTS. The most important part is the length
at the end. It's rate limited so there shouldn't be any serious problems with
clutter in the log file - just minor potential confusion like this.
Somebody on 2600:1700:6731:6c0:f2de:f1ff:fe20:1bbe is sending you pac
901 - 1000 of 2873 matches
Mail list logo
