Re: openntpd and ntpq
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: openntpd and ntpq
- From: Ben Goren <ben_(_at_)_trumpetpower_(_dot_)_com>
- Date: Mon, 30 Aug 2004 21:39:08 -0700
On 2004 Aug 30, at 8:01 PM, Chuck Buckley wrote:
> Well given that no one here cares to give any kind of quantitative
> comparison between ntpd and xntpd on various levels of questions, I
> now have to question what are you trying to hide?
Presumably, they're trying desperately to keep you from discovering
this link:
http://www.openntpd.org/dist/openbsd/
> Are you afraid
> that *certain* people WILL CONTINUE to run an xntpd time daemon when
> they find out the 'cost' outweighs inferior service aspects of ntpd?
Do you really think Theo or Henning or any of the rest of the
developers give a damn how many people use OpenBSD or OpenNTPD?
How many times do they have to say it? They write code FOR THEMSELVES.
It pleases them to let others have access to it, which is why they give
it away. But they don't write it for you, or for me, or for Bill Gates,
or for anybody else but THEMSELVES.
>> Yeah, you need very very accurate time on your machines so that you can
>> see the attacks from machines that are off by 5 minutes, going through a
>> gigantic internet infrastructure of perhaps 50 machines, all with their
>> clocks wildly off over a 5 minute range too. Yeah, right.
>
> 5 minutes eh? Funny, I didn't know network packets took 5 minutes to go
> through a firewall to an end system. Maybe you meant 5 microseconds?
> Certainly those packets fly faster than the quoted 50ms of accuracy for
> ntpd.
First, get your units straight. 1 ms = 1 millisecond = 0.001 seconds. 1
usec = 1 microsecond = 0.000001 second. You might get to the
milliseconds with ntp.org, but you'll never get to the microseconds
without a hardware reference, PPS, and all that.
I can speak from experience; read my previous note. It's not at all
uncommon for, over a period of weeks, ntp.org's ntpd to drift by a
matter of minutes, not milliseconds. This is the reality of their
daemon: you're either spot-on or you're far off. Never mind their
claims; this is what happens in the real world.
In the real world of OpenNTPD, you might never achieve millisecond
precision, but you'll never ever be more than a tenth of a second off,
either (at absolute worst, and assuming a network connection that's
there at least as much as it's not). From eyeballing things, I'd guess
that I'm usually within a few hundredths of a second. Can you tell the
difference between 21:36:43.33 and 21:36:43.36? Neither can I.
This is why I'm now running OpenNTPD. Oh, the fact that it's privilege
separated, small, written by people who know security, and all that is
nice, but that just means I could consider opening a hole in my
firewall to let others talk to ntpd. (If the Navy wants to screw with
me, they won't be doing so through NTP, I can assure you.)
If you're happy with ntp.org, please use it! Nobody's stopping you.
Indeed, we're encouraging you.
Just don't slander OpenNTPD in order to justify your decision.
Cheers,
b&
P.S. Have you actually *used* OpenNTPD? Have you looked at the code? b&