Re: Trying to get in touch: ntp.org sites broken

2021-08-03 Thread Harlan Stenn
pages you mention on > https://www.ntp.org/ are no longer functioning. > > Like http://lists.ntp.org/ and http://support.ntp.org/. > > If anyone knows a way to get this fixed, please help. > > Thank you. > -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: CISCO 0-day exploits

2020-02-11 Thread Harlan Stenn
bad _everyone_ finds new bugs all the time and we don't > have the source code to fix it as a community. > So I suspect significantly better quality software would at least > initially cost more to produce and it would reduce revenue in loss of > support. Yeah, things need to get

Re: UDP/123 policers & status

2020-03-18 Thread Harlan Stenn
kets that would approach the MTU limit, in some cases. If a packet is "too big" for some pathway, then are we talking about a fractional packet loss or are we talking about 100% packet loss (dropped mid-way due to size)? > Damian -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: UDP/123 policers & status

2020-03-28 Thread Harlan Stenn
mmars said: > > The secure time transfer of NTS was designed to avoid > amplification attacks. Uh, no. If you understand what's going on from the perspective of both the client and the server and think about the various cases, I think you'll see what I mean. NTS is a task-specific hammer. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: UDP/123 policers & status

2020-03-28 Thread Harlan Stenn
Ragnar, On 3/28/2020 4:09 PM, Ragnar Sundblad wrote: > >> On 28 Mar 2020, at 23:58, Harlan Stenn wrote: >> >>> Steven Sommars said: >>>> The secure time transfer of NTS was designed to avoid >>>amplification attacks. >> >> Uh, no

Re: UDP/123 policers & status

2020-03-28 Thread Harlan Stenn
Ragnar, On 3/28/2020 4:59 PM, Ragnar Sundblad wrote: > > >> On 29 Mar 2020, at 00:35, Harlan Stenn wrote: >> >> Ragnar, >> >> On 3/28/2020 4:09 PM, Ragnar Sundblad wrote: >>> >>>> On 28 Mar 2020, at 23:58, Harlan Stenn wrote: >>&

Re: UDP/123 policers & status

2020-03-28 Thread Harlan Stenn
will require increased network capacity. A cynic could argue that requiring additional internet bandwidth is a profitable goal, and the drama about requiring that extra protection is the distraction that normalizes that cost. H On 3/28/2020 5:18 PM, Harlan Stenn wrote: > Ragnar, > > On 3

Re: UDP/123 policers & status

2020-03-28 Thread Harlan Stenn
On 3/28/2020 5:35 PM, Ragnar Sundblad wrote: > > >> On 29 Mar 2020, at 01:18, Harlan Stenn wrote: >> >> Ragnar, >> >> On 3/28/2020 4:59 PM, Ragnar Sundblad wrote: >>> >>> >>>> On 29 Mar 2020, at 00:35, Harlan Stenn wrote:

Re: UDP/123 policers & status

2020-03-30 Thread Harlan Stenn
nse packets affect the quality of time synchronization, in various network scenarios. Some have claimed this is clearly noticeable and significant. I'd like to see the experiments and the data. NTF is very happy to do this work, incrementally if needed, if we can get the necessary su

Re: UDP/123 policers & status

2020-03-30 Thread Harlan Stenn
On 3/30/2020 1:27 AM, Saku Ytti wrote: > On Mon, 30 Mar 2020 at 11:15, Harlan Stenn wrote: > >> Please help me understand this. >> >> Exactly how bad is it if the query and response packets are of a >> different size? Does it matter at 4 bytes? 32? >

Re: UDP/123 policers & status

2020-03-30 Thread Harlan Stenn
t;Send your request again, but this time pad it to NNN bytes so I can respond with the same sized packet"? > Ragnar -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: UDP/123 policers & status

2020-04-16 Thread Harlan Stenn
r request again, but this time pad it to NNN bytes so I can respond with the same sized packet"? > Ragnar -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: UDP/123 policers & status

2020-04-17 Thread Harlan Stenn
NTP uses UDP for time. I'm not sure what you're talking about. H On 4/17/20 1:32 AM, Ragnar Sundblad wrote: > > >> On 17 Apr 2020, at 01:28, Harlan Stenn wrote: >> >> I found this as an unsent draft - I hope I didn't send it before. >> &

Re: UDP/123 policers & status

2020-04-17 Thread Harlan Stenn
quire an authenticated request in the first place? And I just realized this is the NANOG list and not the NTP list, so I'm happy to stop. H -- > Ragnar > >> On 17 Apr 2020, at 10:44, Harlan Stenn wrote: >> >> NTP uses UDP for time. >> >> I'm not sure wha

Re: IERS ponders reverse leapsecond...

2022-08-08 Thread Harlan Stenn
ail. Please excuse my brevity. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: IERS ponders reverse leapsecond...

2022-08-08 Thread Harlan Stenn
he universal way time is measured on Earth – may have to change" They don't even know the difference between TAI and UTC. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: NTP question

2019-05-01 Thread Harlan Stenn
servers in their data centers for their tenants (or for the general public)? -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: NTP question

2019-05-01 Thread Harlan Stenn
On 5/1/19 2:59 PM, Andreas Ott wrote: > On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote: >> - Why do folks want to have one or more NTP server masters that have at >> least 1 refclock on them in a data center, instead of having their data >> center NTP server

Re: NTP question

2019-05-01 Thread Harlan Stenn
k and start serving time, but at least you've > potentially got known-good time info before you start bringing > higher-level network protocols up (and can purposely delay until you do, > if desired) which is potentially impossible if your only source of time > is the network itself. Ah, this is the dance with "have enough sources of time"... -- Harlan Stenn, Network Time Foundation http://nwtime.org - be a Member!

Re: NTP question

2019-05-01 Thread Harlan Stenn
he firmware. These problems can be mitigated if you have "enough" time sources for your internal NTP servers and you peer with enough other, possibly your, servers. > Regards, > Bill Herrin -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: NTP question

2019-05-01 Thread Harlan Stenn
their smallest models >> have decent oscillators (for keeping the ticks accurate between GPS signals). >> >> The Meinberg time server products (I am guessing all of them, but I’m not >> sure) also have a mode where they poll an upstream NTP server aggressively >> and then steer the oscillator after it. I haven’t used it in production, but >> it worked a lot better than it sounded like it would. (In other words, even >> without GPS it’s a better time server than most systems). >> >> >> Ask -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: NTP Question

2019-05-01 Thread Harlan Stenn
7;s worth. And there are some good points in there, too. H -- > -mel > > On May 1, 2019, at 3:48 PM, James R Cutler > mailto:james.cut...@consultant.com>> wrote: > > On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote: > - Why do folks want to have one or m

Re: NTP question

2019-05-01 Thread Harlan Stenn
and soliciting new servers of currently-good quality to replace them. This goes to "have _enough_ good-quality servers, and monitor your ntpd". > If your system is Internet-connected. If you run an air gapped network then > yeah, get your time out of band. > > Regards, > Bill Herrin > > -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: NTP question

2019-05-01 Thread Harlan Stenn
ff in their own directions. http://support.ntp.org/bin/view/Support/OrphanMode is the better solution. If you cannot do that for some reason, please see the "Dual Time Servers" case at http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock . -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: NTP question

2019-05-01 Thread Harlan Stenn
behaves if it loses the GPS signal. The consensus issue isn't about the number of satellites the GPS receiver sees, it's about the number of time sources your NTP servers see. H -- > -mel via cell > >> On May 1, 2019, at 6:49 PM, Harlan Stenn wrote: >> >> >

Re: NTP question

2019-05-02 Thread Harlan Stenn
On 5/2/2019 9:13 AM, James R Cutler wrote: >> On May 2, 2019, at 10:59 AM, William Herrin > <mailto:b...@herrin.us>> wrote: >> >> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn > <mailto:st...@nwtime.org>> wrote: >> >> It's n

Re: NTP question

2019-05-02 Thread Harlan Stenn
On 5/2/2019 7:59 AM, William Herrin wrote: > On Wed, May 1, 2019 at 7:03 PM Harlan Stenn <mailto:st...@nwtime.org>> wrote: > > It's not clear to me that there's anything *wrong* with using the pool, > especially if you're using our 'pool'

Re: Paging anyone from ntpd.org

2019-12-31 Thread Harlan Stenn
nl? Is that legit? I don't know what >> it was before because I've never looked, but that seems off. >> >> > > nevermind, I'm tired and confused ntpd.org with ntp.org. Just going to > wildcard *.ntpd.org to 127.0.0.1 and go back to sleep. I did think about r

Re: Paging anyone from ntpd.org

2019-12-31 Thread Harlan Stenn
On 12/31/2019 7:21 AM, Seth Mattinen wrote: > On 12/31/19 1:32 AM, Harlan Stenn wrote: >> On 12/30/2019 8:32 PM, Seth Mattinen wrote: >>> On 12/30/19 8:22 PM, Seth Mattinen wrote: >>>> Is anyone from ntpd.org on here? You're pointing DNS at me for some >>

Re: NIST NTP servers

2016-05-10 Thread Harlan Stenn
to get NTP from the servers you run > using authentication. Yes, and properly monitor your ntpd instances. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: NIST NTP servers

2016-05-11 Thread Harlan Stenn
er. This trick only works for IPv4. And we have a fix for all of this that will be out soon. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: NIST NTP servers

2016-05-11 Thread Harlan Stenn
Harlan Stenn writes: > Sharon Goldberg writes: > > Well, if you really want to learn about the NTP servers a target is using > > you can always just sent them a regular NTP timing query (mode 3) and just > > read off the IP address in the reference ID field of the response

Re: Leap Second planned for 2016

2016-07-08 Thread Harlan Stenn
ard libraries. > > Hopefully they'll decide in 2023 finally to get rid of leap seconds > from UTC. Then GPS_TIME, TAI and UTC are all same with different > static offset. How about you run your systems on TAI or satellite time? -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: Yet another NTP security bug we fixed before the CVE issued

2016-10-28 Thread Harlan Stenn
out to happen. Mostly "security" bugs that folks will not see, if they're being at all responsible. Eric, you are loved and appreciated, and respected and admired. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: Recent NTP pool traffic increase

2016-12-20 Thread Harlan Stenn
lots more if we had a useful budget. Folks pay money for DNS registrations. There's no revenue stream around "time". Help us get enough support to NTF, and we'll have the staff and infrastructure to do more for folks. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: Recent NTP pool traffic increase

2016-12-20 Thread Harlan Stenn
other (non Google) leap-smearing NTP implementations? The NTP Project has had a leap-smear implementation for a while. We also have a proposal for a REFID that indicates the provided time is a leap-smear time, and Network Time Foundation is working on a new timestamp format and API that will easily allow time exchange between systems using different timescales. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: Recent NTP pool traffic increase

2016-12-22 Thread Harlan Stenn
On 12/22/16 4:11 PM, Ask Bjørn Hansen wrote: >> On Dec 20, 2016, at 8:02 PM, Harlan Stenn >> wrote: >> >>> On 12/20/16 7:27 PM, Laurent Dumont wrote: To be honest, the fact >>> that NTP is still something managed by volunteers and not a >>> regul

Re: Recent NTP pool traffic increase

2016-12-22 Thread Harlan Stenn
On 12/22/16 5:25 PM, Royce Williams wrote: > On Thu, Dec 22, 2016 at 4:05 PM, Harlan Stenn wrote: > >> This sort of misconfiguration will happen and the NTP Pool Project >> clearly isn't the place to solve this problem overall. It *is* >> something NTF is in a pos

Re: Recent NTP pool traffic increase (update)

2016-12-25 Thread Harlan Stenn
'd like them to change the information. > Is there the person knowing the contact information to ntp.org? I don't recall seeing the emails you sent to webmaster, but we do have a new group of folks watching the Servers web. We would be happy to work with you to give you access to those entr

Re: Recent NTP pool traffic increase

2016-12-30 Thread Harlan Stenn
ime? Even the national labs aren't -- UTC is > figured well after the fact. > > In the United States that would the United States Naval Observatory > (USNO) Master Clock (http://tycho.usno.navy.mil/). You can read > more about it here: > http://motherboard.vice.com/read/demetrios-matsakis-and-the-master-clock > > allan > > -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: Temperature monitoring

2017-07-13 Thread Harlan Stenn
enough boxes, you should have an easy time seeing what happens on boxes where you have an easier time watching ntpd's drift value than you have watching a nearby dedicated temperature sensor. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: OpenNTPProject.org

2014-02-17 Thread Harlan Stenn
Kate Gerry writes: > Just add these to your ntp.conf configuration then restart the service: (Wo= > rks with all default installations that I've found) > > restrict default kod nomodify notrap nopeer noquery > restrict -6 default kod nomodify notrap nopeer noquery KOD only works with "limited" in

Re: OpenNTPProject.org

2014-02-17 Thread Harlan Stenn
If somebody has contacts at Juniper who is involved in this, I'd like to get their contact information. -- Harlan Stenn http://networktimefoundation.org - be a member!

NTP DRDos Blog post

2014-02-19 Thread Harlan Stenn
Folks, I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ . In general we've never allowed comments to blog posts on that site; we're currently discussing if we should allow them for this post. I'd love to hear any feedback about the post. Thanks... -- Har

Re: Filter NTP traffic by packet size?

2014-02-21 Thread Harlan Stenn
"Dobbins, Roland" writes: > Operators are using this size-based filtering to effect without > breaking the world. As a reality check, with this filtering in place does "ntptrace" still work? H

Re: Net Neutrality...

2014-07-15 Thread Harlan Stenn
Brett Glass writes: > At 12:19 PM 7/15/2014, Barry Shein wrote: > > >There exists a low and high (practical) bandwidth range within which > >it simply doesn't make any difference to a given business model. > > Very true. And there's another factor to consider. > > Estimates of the maximum bandwi

Re: Muni Fiber and Politics

2014-07-21 Thread Harlan Stenn
Greg Walden (R-OR) is similarly funded by the cable and telecom folks, and is also loud and clear that he thinks we should forget about net neutrality and let the companies do what is best. H

Security release scheduling

2015-09-28 Thread Harlan Stenn
hing others must have solved, and I'm hoping some folks on this list might be able to offer me some pointers. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: Security release scheduling

2015-09-29 Thread Harlan Stenn
On 9/28/15 11:08 PM, Mark Andrews wrote: > In message <560a13e6.7060...@nwtime.org>, Harlan Stenn writes: >> I'm looking for some general "calendar" help to use for our security >> release scheduling process. Something that usefully accounts for >> clie

Re: Security release scheduling

2015-09-29 Thread Harlan Stenn
d on input from your constituents. Do your best. That is all > your can do. > > Barry > > PS - Let me know if you need help writing the disclosure policy. > > > -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: Advance notice - H-root address change on December 1, 2015

2015-11-16 Thread Harlan Stenn
On 11/16/15 4:55 PM, Jared Mauch wrote: > This action by red hat is nice from a stability perspective but > infuriates many standards derived folks like ISC/BIND and NTP amongst > others as a version number means something to them. > > This dialogue is typically broken from both sides as expecta

Re: BCOP appeals numbering scheme -- feedback requested

2015-03-15 Thread Harlan Stenn
> but adds enormous value and > serves as a forcing function for some level of review, cursory though > it may be. I think so too. Hey everybody, please support Network Time. Spread the word. OK, I said it. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: Supporting network time software development/maintenance (was: Re: BCOP appeals numbering scheme -- feedback requested)

2015-03-16 Thread Harlan Stenn
Rob Seastrom writes: > New subject so as to minimize threadjacking, not the least because > this is important stuff. > > Harlan Stenn writes: > >>> Releng is hard and thankless but adds enormous value and >>> serves as a forcing function for some level of rev

Re: [SECURITY] Application layer attacks/DDoS attacks

2015-05-23 Thread Harlan Stenn
Just to ask, what is the expected effect on DDoS attacks if folks implemented BCP38? How does the cost of implementing BCP38 compare to the cost of other solution attempts? H

Re: REMINDER: LEAP SECOND

2015-06-19 Thread Harlan Stenn
ss in the kernel, described over 20 years ago - use the posix-right timezone files - help Network Time Foundation get the General Timestamp API implemented and deployed, which will let folks use whatever timescale they want. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: REMINDER: LEAP SECOND

2015-06-19 Thread Harlan Stenn
Bad idea. When restarting ntpd your clocks will likely be off by a second, which will cause a backward step, which will force the problem you claim to be avoiding. There are plenty of ways to solve this problem, and you just get to choose what you want to risk/pay. -- Harlan Stenn http

Re: REMINDER: LEAP SECOND

2015-06-19 Thread Harlan Stenn
Baldur Norddahl writes: > On 19 June 2015 at 23:58, Harlan Stenn wrote: > > > Bad idea. > > > > When restarting ntpd your clocks will likely be off by a second, which > > will cause a backward step, which will force the problem you claim to be > > avoidi

Re: REMINDER: LEAP SECOND

2015-06-20 Thread Harlan Stenn
and for the number of product lines that use it, they could certainly do better. I know they were current when I did the port for the MDS switch line, years ago. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: REMINDER: LEAP SECOND

2015-06-20 Thread Harlan Stenn
shawn wilson writes: > ... I mean letting computers figure out slower earth rotation on the > fly would seem more accurate than leap seconds anyway. And then all of > us who do earthly things and would like simpler libraries could live > in peace. Really? Have you looked in to those calculations,

Re: REMINDER: LEAP SECOND

2015-06-22 Thread Harlan Stenn
Tony Finch writes: > Harlan Stenn wrote: > > > It's a problem with POSIX, not UTC. > > > > UTC is monotonic. > > The problems are that UTC is unpredictable, and it breaks the standard > labelling of points in time that was used for hundreds (arguably > t

Re: REMINDER: LEAP SECOND

2015-06-22 Thread Harlan Stenn
Doug Barton writes: > This is an OpenPGP/MIME signed message (RFC 4880 and 3156) > On 6/19/15 2:58 PM, Harlan Stenn wrote: >> Bad idea. >> >> When restarting ntpd your clocks will likely be off by a second, >> which will cause a backward step, which will force

Re: REMINDER: LEAP SECOND

2015-06-23 Thread Harlan Stenn
This stuff can make my head explode. When a leap second is added, like on 30 June 2015 at the last second of the day, POSIX insists that the day still have 86400 seconds in it. This makes the day longer by one second, so time has to either slow down or move backwards. The "dumb" way to do this is

Re: NANOG Digest, Vol 89, Issue 24

2015-06-23 Thread Harlan Stenn
Alex Hardie writes: > Not to inject more confusion - but GPS and NTP are noted in the > thread... but not PTP (IEEE1588)? I don't belive PTP generally uses UTC as a timescale. H

Re: REMINDER: LEAP SECOND

2015-06-23 Thread Harlan Stenn
shawn wilson writes: > On Jun 23, 2015 6:26 AM, "Nick Hilliard" wrote: > > > > > > > Blocking NTP at the NTP edge will probably work fine for most situations. > > Bear in mind that your NTP edge is not necessarily the same as your > network > > edge. E.g. you might have internal GPS / radio sour

Re: REMINDER: LEAP SECOND

2015-06-23 Thread Harlan Stenn
Matthew Huff writes: > A backward step is a known issue and something that people are more > comfortable dealing with as it can happen on any machine with a noisy > clock crystal. A clock crystal has to be REALLY bad for ntpd to need to step the clock. > Having 61 seconds in a minute or 86401 sec

Re: leap second outage

2015-06-30 Thread Harlan Stenn
Joe writes: > A leap sec causing issues. For about 40 years now, there have been > these leap seconds to no real issue. All of these are "go-forwards" No, they're all "go-backwards" events. That's no big deal to things that don't care about monotonic time, or to folks who aren't in violation of s

Re: leap second outage

2015-06-30 Thread Harlan Stenn
Mikael Abrahamsson writes: > This is similar to the jiffycounter wrapping, since this doesn't happen > that often, it's not commonly tested for. Good way is to start the jiffy > counter so it wraps after 10 minutes of uptime. That way you'll run into > any bugs quickly. Either we should abolish

Re: leap second outage

2015-07-01 Thread Harlan Stenn
on for > possible leap second issues and other possible clock-related issues > such as clock stepping, DST, and Year 2038 in their standard smoke > tests Yes. And even so, testing these things takes time and equipment. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: REMINDER: LEAP SECOND

2015-07-01 Thread Harlan Stenn
Mike Hammett writes: > It looks to have only affected the CCR line and only those running the > NTP and not the SNTP package. Any idea what version of NTP or what their configuration looked like? H

Re: NTP versions in production use?

2015-07-11 Thread Harlan Stenn
Resending... On 7/10/15 12:29 PM, Harlan Stenn wrote: > I'm trying to build a list of the versions of NTP that are in active use > on various active pieces of network gear. > > I know that Cisco, for example, uses NTP in around 10 different product > lines, but I don't

Re: NTP versions in production use?

2015-07-11 Thread Harlan Stenn
; precision=-18, rootdelay=0.000, rootdispersion=656381.655, peer=0, > refid=INIT, reftime=. Thu, Feb 7 2036 1:28:16.000, > poll=4, clock=d94c5a40.fa58e5f0 Sat, Jul 11 2015 23:15:12.977, state=0, > offset=0.000, frequency=0.000, jitter=0.004, stability=0.000 > >

Re: NTP versions in production use?

2015-07-11 Thread Harlan Stenn
H -- On 7/11/15 8:21 PM, Dovid Bender wrote: > You would need to ask Juniper that > > > On Sat, Jul 11, 2015 at 11:17 PM, Harlan Stenn wrote: > >> Dovid, >> >> Thanks, and I'm kinda stunned that folks are running such ancient >> versions of NTP.

Re: NTP versions in production use?

2015-07-11 Thread Harlan Stenn
Harlan Stenn writes: > We will. But we're going to be asking them for support for network > time. Folks like you are probably paying them for support. They'll > listen more to people like you. > > This goes to *all* vendors who embed NTP in their products, we're

Re: NTP versions in production use?

2015-07-12 Thread Harlan Stenn
r more profitable to offer maintenance support on older software releases for much longer periods of time. But I must be missing something here as well, as I was never able to make headway with this idea when I was at Cisco. -- Harlan Stenn http://networktimefoundation.org - be a member! signature.asc Description: OpenPGP digital signature

Re: Did *bufferbloat* cause the 2010 flashcrash?

2015-08-06 Thread Harlan Stenn
don't know anywhere near enough about it, so I leave the knobs alone. -- Harlan Stenn http://networktimefoundation.org - be a member!

Re: Small Internet border router options?

2024-05-13 Thread Harlan Stenn via NANOG
L3? Tom -- Harlan Stenn https://www.nwtime.org/ - be a member!