RE: [PATCH v1 0/4] Sync StarFive JH7110 clock and reset dt-bindings with Linux

[Hal Feng]

> On 04.06.24 04:32, E Shattow wrote:
> Hi Hal,
> 
> Instead of manual dt-bindings sync can we please adopt OF_UPSTREAM for
> JH7110 ?

Yeah, I will try to do it recently, although I am not sure whether the U-Boot
drivers and Linux drivers are compatible so that they can use the same DT.

Best regards,
Hal

> 
> 
> On Mon, Jun 3, 2024 at 6:57 AM Hal Feng  wrote:
> >
> > There are differences in clock / reset dt-bindings between U-Boot and
> > Linux. Sync them, so it is feasible to use OF_UPSTREAM for StarFive
> > JH7110 SoC.
> >
> > Hal Feng (4):
> >   dt-bindings: clock: jh7110: Sync with Linux
> >   dt-bindings: reset: jh7110: Sync with Linux
> >   clk: starfive: jh7110: Sync clock definitions with Linux
> >   riscv: dts: jh7110: Sync clock and reset definitions with Linux
> >
> >  .../dts/jh7110-starfive-visionfive-2.dtsi |   6 +-
> >  arch/riscv/dts/jh7110-u-boot.dtsi |   2 +-
> >  arch/riscv/dts/jh7110.dtsi|  28 +--
> >  drivers/clk/starfive/clk-jh7110-pll.c |   6 +-
> >  drivers/clk/starfive/clk-jh7110.c |  44 ++---
> >  .../dt-bindings/clock/starfive,jh7110-crg.h   | 180 +++---
> >  .../dt-bindings/reset/starfive,jh7110-crg.h   | 144 --
> >  7 files changed, 243 insertions(+), 167 deletions(-)
> >
> >
> > base-commit: ea722aa5eb33740ae77e8816aeb72b385e621cd0
> > --
> > 2.43.2
> >

[PATCH v1 4/4] riscv: dts: jh7110: Sync clock and reset definitions with Linux

[Hal Feng]

The JH7110 clock and reset dt-bindings are synchronized with Linux,
so update the clock and reset definitions in device tree accordingly.

Signed-off-by: Hal Feng 
---
 .../dts/jh7110-starfive-visionfive-2.dtsi |  6 ++--
 arch/riscv/dts/jh7110-u-boot.dtsi |  2 +-
 arch/riscv/dts/jh7110.dtsi| 28 +--
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/arch/riscv/dts/jh7110-starfive-visionfive-2.dtsi 
b/arch/riscv/dts/jh7110-starfive-visionfive-2.dtsi
index e11babc1cd..2666fd4696 100644
--- a/arch/riscv/dts/jh7110-starfive-visionfive-2.dtsi
+++ b/arch/riscv/dts/jh7110-starfive-visionfive-2.dtsi
@@ -334,9 +334,9 @@
  < JH7110_SYSCLK_BUS_ROOT>,
  < JH7110_SYSCLK_PERH_ROOT>,
  < JH7110_SYSCLK_QSPI_REF>;
-   assigned-clock-parents = < JH7110_SYSCLK_PLL0_OUT>,
-< JH7110_SYSCLK_PLL2_OUT>,
-< JH7110_SYSCLK_PLL2_OUT>,
+   assigned-clock-parents = < JH7110_PLLCLK_PLL0_OUT>,
+< JH7110_PLLCLK_PLL2_OUT>,
+< JH7110_PLLCLK_PLL2_OUT>,
 < JH7110_SYSCLK_QSPI_REF_SRC>;
assigned-clock-rates = <0>, <0>, <0>, <0>;
 };
diff --git a/arch/riscv/dts/jh7110-u-boot.dtsi 
b/arch/riscv/dts/jh7110-u-boot.dtsi
index c09d5c9170..56530cf4c2 100644
--- a/arch/riscv/dts/jh7110-u-boot.dtsi
+++ b/arch/riscv/dts/jh7110-u-boot.dtsi
@@ -62,7 +62,7 @@
< JH7110_SYSRST_DDR_OSC>,
< JH7110_SYSRST_DDR_APB>;
reset-names = "axi", "osc", "apb";
-   clocks = < JH7110_SYSCLK_PLL1_OUT>;
+   clocks = < JH7110_PLLCLK_PLL1_OUT>;
clock-names = "pll1_out";
clock-frequency = <2133>;
};
diff --git a/arch/riscv/dts/jh7110.dtsi b/arch/riscv/dts/jh7110.dtsi
index 2cdc683d49..dbce57c421 100644
--- a/arch/riscv/dts/jh7110.dtsi
+++ b/arch/riscv/dts/jh7110.dtsi
@@ -503,9 +503,9 @@
 <_bclk_ext>, <_lrck_ext>,
 <_bclk_ext>, <_lrck_ext>,
 <_ext>, <_ext>,
-< JH7110_SYSCLK_PLL0_OUT>,
-< JH7110_SYSCLK_PLL1_OUT>,
-< JH7110_SYSCLK_PLL2_OUT>;
+< JH7110_PLLCLK_PLL0_OUT>,
+< JH7110_PLLCLK_PLL1_OUT>,
+< JH7110_PLLCLK_PLL2_OUT>;
clock-names = "osc", "gmac1_rmii_refin",
  "gmac1_rgmii_rxin",
  "i2stx_bclk_ext", "i2stx_lrck_ext",
@@ -646,10 +646,10 @@
rng: rng@1600c000 {
compatible = "starfive,jh7110-trng";
reg = <0x0 0x1600C000 0x0 0x4000>;
-   clocks = < JH7110_STGCLK_SEC_HCLK>,
-< JH7110_STGCLK_SEC_MISCAHB>;
+   clocks = < JH7110_STGCLK_SEC_AHB>,
+< JH7110_STGCLK_SEC_MISC_AHB>;
clock-names = "hclk", "ahb";
-   resets = < JH7110_STGRST_SEC_TOP_HRESETN>;
+   resets = < JH7110_STGRST_SEC_AHB>;
interrupts = <30>;
};
 
@@ -707,12 +707,12 @@
bus-range = <0x0 0xff>;
clocks = < JH7110_SYSCLK_NOC_BUS_STG_AXI>,
 < JH7110_STGCLK_PCIE0_TL>,
-< JH7110_STGCLK_PCIE0_AXI>,
+< JH7110_STGCLK_PCIE0_AXI_MST0>,
 < JH7110_STGCLK_PCIE0_APB>;
clock-names = "noc", "tl", "axi", "apb";
-   resets = < JH7110_STGRST_PCIE0_MST0>,
-< JH7110_STGRST_PCIE0_SLV0>,
-< JH7110_STGRST_PCIE0_SLV>,
+   resets = < JH7110_STGRST_PCIE0_AXI_MST0>,
+< JH7110_STGRST_PCIE0_AXI_SLV0>,
+< JH7110_STGRST_PCIE0_AXI_SLV>,
 < JH7110_STGRST_PCIE0_BRG>,
 < JH7110_STGRST_PCIE0_CORE>,
   

[PATCH v1 3/4] clk: starfive: jh7110: Sync clock definitions with Linux

[Hal Feng]

The JH7110 clock dt-bindings is synchronized with Linux,
so update the clock definitions in drivers accordingly.

Signed-off-by: Hal Feng 
---
 drivers/clk/starfive/clk-jh7110-pll.c |  6 ++--
 drivers/clk/starfive/clk-jh7110.c | 44 +--
 2 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/drivers/clk/starfive/clk-jh7110-pll.c 
b/drivers/clk/starfive/clk-jh7110-pll.c
index 1568a1f4cd..96beacb4fa 100644
--- a/drivers/clk/starfive/clk-jh7110-pll.c
+++ b/drivers/clk/starfive/clk-jh7110-pll.c
@@ -375,13 +375,13 @@ static int jh7110_pll_clk_probe(struct udevice *dev)
if (sysreg == FDT_ADDR_T_NONE)
return -EINVAL;
 
-   clk_dm(JH7110_PLL_ID_TRANS(JH7110_SYSCLK_PLL0_OUT),
+   clk_dm(JH7110_PLL_ID_TRANS(JH7110_PLLCLK_PLL0_OUT),
   starfive_jh7110_pll("pll0_out", "oscillator", reg,
   (void __iomem *)sysreg, 
_jh7110_pll0));
-   clk_dm(JH7110_PLL_ID_TRANS(JH7110_SYSCLK_PLL1_OUT),
+   clk_dm(JH7110_PLL_ID_TRANS(JH7110_PLLCLK_PLL1_OUT),
   starfive_jh7110_pll("pll1_out", "oscillator", reg,
   (void __iomem *)sysreg, 
_jh7110_pll1));
-   clk_dm(JH7110_PLL_ID_TRANS(JH7110_SYSCLK_PLL2_OUT),
+   clk_dm(JH7110_PLL_ID_TRANS(JH7110_PLLCLK_PLL2_OUT),
   starfive_jh7110_pll("pll2_out", "oscillator", reg,
   (void __iomem *)sysreg, 
_jh7110_pll2));
 
diff --git a/drivers/clk/starfive/clk-jh7110.c 
b/drivers/clk/starfive/clk-jh7110.c
index a38694809a..523342128e 100644
--- a/drivers/clk/starfive/clk-jh7110.c
+++ b/drivers/clk/starfive/clk-jh7110.c
@@ -496,37 +496,37 @@ static int jh7110_stgcrg_init(struct udevice *dev)
 {
struct jh7110_clk_priv *priv = dev_get_priv(dev);
 
-   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB_APB),
+   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB0_APB),
   starfive_clk_gate(priv->reg,
 "usb_apb", "apb_bus",
-OFFSET(JH7110_STGCLK_USB_APB)));
-   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB_UTMI_APB),
+OFFSET(JH7110_STGCLK_USB0_APB)));
+   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB0_UTMI_APB),
   starfive_clk_gate(priv->reg,
 "usb_utmi_apb", "apb_bus",
-OFFSET(JH7110_STGCLK_USB_UTMI_APB)));
-   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB_AXI),
+OFFSET(JH7110_STGCLK_USB0_UTMI_APB)));
+   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB0_AXI),
   starfive_clk_gate(priv->reg,
 "usb_axi", "stg_axiahb",
-OFFSET(JH7110_STGCLK_USB_AXI)));
-   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB_LPM),
+OFFSET(JH7110_STGCLK_USB0_AXI)));
+   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB0_LPM),
   starfive_clk_gate_divider(priv->reg,
 "usb_lpm", "oscillator",
-OFFSET(JH7110_STGCLK_USB_LPM), 2));
-   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB_STB),
+OFFSET(JH7110_STGCLK_USB0_LPM), 2));
+   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB0_STB),
   starfive_clk_gate_divider(priv->reg,
 "usb_stb", "oscillator",
-OFFSET(JH7110_STGCLK_USB_STB), 3));
-   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB_APP_125),
+OFFSET(JH7110_STGCLK_USB0_STB), 3));
+   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB0_APP_125),
   starfive_clk_gate(priv->reg,
 "usb_app_125", "usb_125m",
-OFFSET(JH7110_STGCLK_USB_APP_125)));
-   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB_REFCLK),
+OFFSET(JH7110_STGCLK_USB0_APP_125)));
+   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_USB0_REFCLK),
   starfive_clk_divider(priv->reg, "usb_refclk", "oscillator",
-   OFFSET(JH7110_STGCLK_USB_REFCLK), 2));
-   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_PCIE0_AXI),
+   OFFSET(JH7110_STGCLK_USB0_REFCLK), 2));
+   clk_dm(JH7110_STG_ID_TRANS(JH7110_STGCLK_PCIE0_AXI_MST0),
   starfive_clk_gate(priv->reg,
 "pcie0_axi", "stg_axiahb",
-OFFSET(JH7110_STGCLK_PCIE0_AXI)));
+OFFSET(JH7110_STGCLK_PCIE0_AX

[PATCH v1 2/4] dt-bindings: reset: jh7110: Sync with Linux

[Hal Feng]

Sync JH7110 reset dt-bindings with Linux, which is the same with
dts/upstream/include/dt-bindings/reset/starfive,jh7110-crg.h
except copyright.

Signed-off-by: Hal Feng 
---
 .../dt-bindings/reset/starfive,jh7110-crg.h   | 144 +++---
 1 file changed, 88 insertions(+), 56 deletions(-)

diff --git a/include/dt-bindings/reset/starfive,jh7110-crg.h 
b/include/dt-bindings/reset/starfive,jh7110-crg.h
index 1d596581da..771b1aecd0 100644
--- a/include/dt-bindings/reset/starfive,jh7110-crg.h
+++ b/include/dt-bindings/reset/starfive,jh7110-crg.h
@@ -5,13 +5,13 @@
  * Author: Yanhong Wang 
  */
 
-#ifndef __DT_BINDINGS_RESET_STARFIVE_JH7110_H__
-#define __DT_BINDINGS_RESET_STARFIVE_JH7110_H__
+#ifndef __DT_BINDINGS_RESET_STARFIVE_JH7110_CRG_H__
+#define __DT_BINDINGS_RESET_STARFIVE_JH7110_CRG_H__
 
 /* SYSCRG resets */
-#define JH7110_SYSRST_JTAG2APB 0
-#define JH7110_SYSRST_SYSCON   1
-#define JH7110_SYSRST_IOMUX_APB2
+#define JH7110_SYSRST_JTAG_APB 0
+#define JH7110_SYSRST_SYSCON_APB   1
+#define JH7110_SYSRST_IOMUX_APB2
 #define JH7110_SYSRST_BUS  3
 #define JH7110_SYSRST_DEBUG4
 #define JH7110_SYSRST_CORE05
@@ -29,10 +29,10 @@
 #define JH7110_SYSRST_TRACE2   17
 #define JH7110_SYSRST_TRACE3   18
 #define JH7110_SYSRST_TRACE4   19
-#define JH7110_SYSRST_TRACE_COM20
+#define JH7110_SYSRST_TRACE_COM20
 #define JH7110_SYSRST_GPU_APB  21
 #define JH7110_SYSRST_GPU_DOMA 22
-#define JH7110_SYSRST_NOC_BUS_APB_BUS  23
+#define JH7110_SYSRST_NOC_BUS_APB  23
 #define JH7110_SYSRST_NOC_BUS_AXICFG0_AXI  24
 #define JH7110_SYSRST_NOC_BUS_CPU_AXI  25
 #define JH7110_SYSRST_NOC_BUS_DISP_AXI 26
@@ -43,17 +43,17 @@
 #define JH7110_SYSRST_NOC_BUS_VDEC_AXI 31
 
 #define JH7110_SYSRST_NOC_BUS_VENC_AXI 32
-#define JH7110_SYSRST_AXI_CFG1_DEC_AHB 33
-#define JH7110_SYSRST_AXI_CFG1_DEC_MAIN34
-#define JH7110_SYSRST_AXI_CFG0_DEC_MAIN35
-#define JH7110_SYSRST_AXI_CFG0_DEC_MAIN_DIV36
-#define JH7110_SYSRST_AXI_CFG0_DEC_HIFI4   37
+#define JH7110_SYSRST_AXI_CFG1_AHB 33
+#define JH7110_SYSRST_AXI_CFG1_MAIN34
+#define JH7110_SYSRST_AXI_CFG0_MAIN35
+#define JH7110_SYSRST_AXI_CFG0_MAIN_DIV36
+#define JH7110_SYSRST_AXI_CFG0_HIFI4   37
 #define JH7110_SYSRST_DDR_AXI  38
 #define JH7110_SYSRST_DDR_OSC  39
 #define JH7110_SYSRST_DDR_APB  40
-#define JH7110_SYSRST_DOM_ISP_TOP_N41
-#define JH7110_SYSRST_DOM_ISP_TOP_AXI  42
-#define JH7110_SYSRST_DOM_VOUT_TOP_SRC 43
+#define JH7110_SYSRST_ISP_TOP  41
+#define JH7110_SYSRST_ISP_TOP_AXI  42
+#define JH7110_SYSRST_VOUT_TOP_SRC 43
 #define JH7110_SYSRST_CODAJ12_AXI  44
 #define JH7110_SYSRST_CODAJ12_CORE 45
 #define JH7110_SYSRST_CODAJ12_APB  46
@@ -61,8 +61,8 @@
 #define JH7110_SYSRST_WAVE511_BPU  48
 #define JH7110_SYSRST_WAVE511_VCE  49
 #define JH7110_SYSRST_WAVE511_APB  50
-#define JH7110_SYSRST_VDEC_JPG_ARB_JPG 51
-#define JH7110_SYSRST_VDEC_JPG_ARB_MAIN52
+#define JH7110_SYSRST_VDEC_JPG 51
+#define JH7110_SYSRST_VDEC_MAIN52
 #define JH7110_SYSRST_AXIMEM0_AXI  53
 #define JH7110_SYSRST_WAVE420L_AXI 54
 #define JH7110_SYSRST_WAVE420L_BPU 55
@@ -75,11 +75,11 @@
 #define JH7110_SYSRST_QSPI_APB 62
 #define JH7110_SYSRST_QSPI_REF 63
 
-#define JH7110_SYSRST_SDIO0_AHB64
-#define JH7110_SYSRST_SDIO1_AHB65
-#define JH7110_SYSRST_GMAC1_AXI66
-#define JH7110_SYSRST_GMAC1_AHB67
-#define JH7110_SYSRST_MAILBOX  68
+#define JH7110_SYSRST_SDIO0_AHB64
+#define JH7110_SYSRST_SDIO1_AHB65
+#define JH7110_SYSRST_GMAC1_AXI66
+#define JH7110_SYSRST_GMAC1_AHB67
+#define JH7110_SYSRST_MAILBOX_APB  68
 #define JH7110_SYSRST_SPI0_APB 69
 #define JH7110_SYSRST_SPI1_APB 70
 #define JH7110_SYSRST_SPI2_APB 71
@@ -94,24 +94,24 @@
 #define JH7110_SYSRST_I2C4_APB 80
 #define JH7110_SYSRST_I2C5_APB 81
 #define JH7110_SYSRST_I2C6_APB 82
-#define JH7110_SYSRST_UART0_APB83
+#define JH7110_SYSRST_UART0_APB83
 #define JH7110_SYSRST_UART0_CORE   84
-#define JH7110_SYSRST_UART1_APB85
+#define JH7110_SYSRST_UART1_APB85
 #define

[PATCH v1 1/4] dt-bindings: clock: jh7110: Sync with Linux

[Hal Feng]

Sync JH7110 clock dt-bindings with Linux, which is the same with
dts/upstream/include/dt-bindings/clock/starfive,jh7110-crg.h
except copyright.

Signed-off-by: Hal Feng 
---
 .../dt-bindings/clock/starfive,jh7110-crg.h   | 180 +++---
 1 file changed, 112 insertions(+), 68 deletions(-)

diff --git a/include/dt-bindings/clock/starfive,jh7110-crg.h 
b/include/dt-bindings/clock/starfive,jh7110-crg.h
index b51e3829ff..4eabb05473 100644
--- a/include/dt-bindings/clock/starfive,jh7110-crg.h
+++ b/include/dt-bindings/clock/starfive,jh7110-crg.h
@@ -5,19 +5,21 @@
  * Author: Yanhong Wang 
  */
 
-#ifndef __DT_BINDINGS_CLOCK_STARFIVE_JH7110_H__
-#define __DT_BINDINGS_CLOCK_STARFIVE_JH7110_H__
+#ifndef __DT_BINDINGS_CLOCK_STARFIVE_JH7110_CRG_H__
+#define __DT_BINDINGS_CLOCK_STARFIVE_JH7110_CRG_H__
 
-#define JH7110_SYSCLK_PLL0_OUT 0
-#define JH7110_SYSCLK_PLL1_OUT 1
-#define JH7110_SYSCLK_PLL2_OUT 2
+/* PLL clocks */
+#define JH7110_PLLCLK_PLL0_OUT 0
+#define JH7110_PLLCLK_PLL1_OUT 1
+#define JH7110_PLLCLK_PLL2_OUT 2
 #define JH7110_PLLCLK_END  3
 
+/* SYSCRG clocks */
 #define JH7110_SYSCLK_CPU_ROOT 0
 #define JH7110_SYSCLK_CPU_CORE 1
 #define JH7110_SYSCLK_CPU_BUS  2
 #define JH7110_SYSCLK_GPU_ROOT 3
-#define JH7110_SYSCLK_PERH_ROOT4
+#define JH7110_SYSCLK_PERH_ROOT4
 #define JH7110_SYSCLK_BUS_ROOT 5
 #define JH7110_SYSCLK_NOCSTG_BUS   6
 #define JH7110_SYSCLK_AXI_CFG0 7
@@ -26,9 +28,9 @@
 #define JH7110_SYSCLK_AHB1 10
 #define JH7110_SYSCLK_APB_BUS  11
 #define JH7110_SYSCLK_APB0 12
-#define JH7110_SYSCLK_PLL0_DIV213
-#define JH7110_SYSCLK_PLL1_DIV214
-#define JH7110_SYSCLK_PLL2_DIV215
+#define JH7110_SYSCLK_PLL0_DIV213
+#define JH7110_SYSCLK_PLL1_DIV214
+#define JH7110_SYSCLK_PLL2_DIV215
 #define JH7110_SYSCLK_AUDIO_ROOT   16
 #define JH7110_SYSCLK_MCLK_INNER   17
 #define JH7110_SYSCLK_MCLK 18
@@ -50,12 +52,12 @@
 #define JH7110_SYSCLK_TRACE2   34
 #define JH7110_SYSCLK_TRACE3   35
 #define JH7110_SYSCLK_TRACE4   36
-#define JH7110_SYSCLK_TRACE_COM37
+#define JH7110_SYSCLK_TRACE_COM37
 #define JH7110_SYSCLK_NOC_BUS_CPU_AXI  38
 #define JH7110_SYSCLK_NOC_BUS_AXICFG0_AXI  39
 #define JH7110_SYSCLK_OSC_DIV2 40
-#define JH7110_SYSCLK_PLL1_DIV441
-#define JH7110_SYSCLK_PLL1_DIV842
+#define JH7110_SYSCLK_PLL1_DIV441
+#define JH7110_SYSCLK_PLL1_DIV842
 #define JH7110_SYSCLK_DDR_BUS  43
 #define JH7110_SYSCLK_DDR_AXI  44
 #define JH7110_SYSCLK_GPU_CORE 45
@@ -64,21 +66,21 @@
 #define JH7110_SYSCLK_GPU_APB  48
 #define JH7110_SYSCLK_GPU_RTC_TOGGLE   49
 #define JH7110_SYSCLK_NOC_BUS_GPU_AXI  50
-#define JH7110_SYSCLK_ISP_TOP_CLK_ISPCORE_2X   51
-#define JH7110_SYSCLK_ISP_TOP_CLK_ISP_AXI  52
+#define JH7110_SYSCLK_ISP_TOP_CORE 51
+#define JH7110_SYSCLK_ISP_TOP_AXI  52
 #define JH7110_SYSCLK_NOC_BUS_ISP_AXI  53
 #define JH7110_SYSCLK_HIFI4_CORE   54
-#define JH7110_SYSCLK_HIFI4_AXI55
-#define JH7110_SYSCLK_AXI_CFG1_DEC_MAIN56
-#define JH7110_SYSCLK_AXI_CFG1_DEC_AHB 57
+#define JH7110_SYSCLK_HIFI4_AXI55
+#define JH7110_SYSCLK_AXI_CFG1_MAIN56
+#define JH7110_SYSCLK_AXI_CFG1_AHB 57
 #define JH7110_SYSCLK_VOUT_SRC 58
 #define JH7110_SYSCLK_VOUT_AXI 59
 #define JH7110_SYSCLK_NOC_BUS_DISP_AXI 60
-#define JH7110_SYSCLK_VOUT_TOP_CLK_VOUT_AHB61
-#define JH7110_SYSCLK_VOUT_TOP_CLK_VOUT_AXI62
-#define JH7110_SYSCLK_VOUT_TOP_CLK_HDMITX0_MCLK63
-#define JH7110_SYSCLK_VOUT_TOP_CLK_MIPIPHY_REF 64
-#define JH7110_SYSCLK_JPEGC_AXI65
+#define JH7110_SYSCLK_VOUT_TOP_AHB 61
+#define JH7110_SYSCLK_VOUT_TOP_AXI 62
+#define JH7110_SYSCLK_VOUT_TOP_HDMITX0_MCLK63
+#define JH7110_SYSCLK_VOUT_TOP_MIPIPHY_REF 64
+#define JH7110_SYSCLK_JPEGC_AXI65
 #define JH7110_SYSCLK_CODAJ12_AXI  66
 #define JH7110_SYSCLK_CODAJ12_CORE 67
 #define JH7110_SYSCLK_CODAJ12_APB  68
@@ -87,8 +89,8 @@
 #define JH7110_SYSCLK_WAVE511_BPU  71
 #define JH7110_SYSCLK_WAVE511_VCE  72
 #define JH7110_SYSCLK_WAVE511_APB  73
-#define JH7110_SYSCLK_VDEC_JPG_ARB_JPG 74

[PATCH v1 0/4] Sync StarFive JH7110 clock and reset dt-bindings with Linux

[Hal Feng]

There are differences in clock / reset dt-bindings between U-Boot and
Linux. Sync them, so it is feasible to use OF_UPSTREAM for StarFive
JH7110 SoC.

Hal Feng (4):
  dt-bindings: clock: jh7110: Sync with Linux
  dt-bindings: reset: jh7110: Sync with Linux
  clk: starfive: jh7110: Sync clock definitions with Linux
  riscv: dts: jh7110: Sync clock and reset definitions with Linux

 .../dts/jh7110-starfive-visionfive-2.dtsi |   6 +-
 arch/riscv/dts/jh7110-u-boot.dtsi |   2 +-
 arch/riscv/dts/jh7110.dtsi|  28 +--
 drivers/clk/starfive/clk-jh7110-pll.c |   6 +-
 drivers/clk/starfive/clk-jh7110.c |  44 ++---
 .../dt-bindings/clock/starfive,jh7110-crg.h   | 180 +++---
 .../dt-bindings/reset/starfive,jh7110-crg.h   | 144 --
 7 files changed, 243 insertions(+), 167 deletions(-)


base-commit: ea722aa5eb33740ae77e8816aeb72b385e621cd0
-- 
2.43.2

Re: Problem with Preview and Export in LyX 2.3.7

[Hal Kierstead via lyx-users]

> On May 29, 2024, at 9:36 PM, Richard Kimberly Heck  wrote:
> 
> On 5/29/24 19:55, Hal Kierstead via lyx-users wrote:
>> All -
>> 
>> Here is a small .lyx file.  If I preview it or export it to pdf the line 
>> lengths are ragged, but if I export it to .tex and then run latex I get good 
>> (maybe not perfect) pdf output.
>> 
>> Can anybody help me? Is this a bug?
> 
> I can't compile it without the enumitem(Inline) module.
> 
> Riki
> 
> 
Here it is.

Thanks,

Hal



enumitem(Inline).module
Description: Binary data


-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

Problem with Preview and Export in LyX 2.3.7

[Hal Kierstead via lyx-users]

All -

Here is a small .lyx file.  If I preview it or export it to pdf the line 
lengths are ragged, but if I export it to .tex and then run latex I get good 
(maybe not perfect) pdf output. 

Can anybody help me? Is this a bug?

Hal



example.lyx
Description: Binary data
-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

u-boot and vendor GPL non-compliance

[Hal Martin]

Hello,

I have looked at the mailing list archives and saw that the topic of GPL
compliance has been raised before. [1]

>From my searching it doesn't seem like any of the previous threads on GPL
compliance resulted in the vendor providing the source code or any
conclusive enforcement action happening.

I own several devices from various manufacturers (Cisco, Gigabyte, Siglent)
which use u-boot and for which there was no included written offer for
source code provided with the product. I am reasonably confident the vendor
has not made the u-boot source code publicly available.

For the above vendors, the u-boot GPL source code was requested via various
channels and the request has been either ignored for an extended period of
time (12+ months) after acknowledgement of receipt, or actively declined.

I know that other open-source projects such as busybox are members of the
Software Freedom Conservancy, who represent their copyright holders when
vendors refuse to provide GPL source code. [2]

Does anything similar exist for u-boot/denx?

Kind regards,
Hal Martin

[1] https://lists.denx.de/pipermail/u-boot/2013-February/147191.html

[2] https://sfconservancy.org/projects/current/

Interesting (to me) Compiler checking

[Hal Murray via devel]

While I was working on the extra+port stuff

I had the following code
  bool new_interface;
...
  new_interface = update_interfaces_phase1(NTP_PORT);
  if (extra_port)
new_interface |= update_interfaces_phase1(extra_port);

Note that there is no initialization on new_interface.

I wanted to reverse the order of that pair of calls.  So I just moved 2 lines 
up.  That gives this code.
  bool new_interface;
...
  if (extra_port)
new_interface |= update_interfaces_phase1(extra_port);
  new_interface = update_interfaces_phase1(NTP_PORT);

There are 2 bugs in there.  I didn't initialize new_interface and I left the 
last line as an = rather than changing t to an |=


Fedora, Debian, and Ubuntu didn't complain.  
FreeBSD complained: uninitialized variable on the |=.

The |= is working on an uninitialized variable.  But the following line 
"fixes" whatever was there.


Here is the correct code.

static bool
update_interfaces(void)
{
  bool new_interface = false;
  update_interfaces_phase0();
  if (extra_port)
/* do first so our requests are sent from extra_port */
new_interface |= update_interfaces_phase1(extra_port);
  new_interface |= update_interfaces_phase1(NTP_PORT);
  update_interfaces_phase2();
  update_interfaces_phase3();
  return new_interface;
}




-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Alternatives to port 123

[Hal Murray via devel]

Richard Laager  said:
> Why two options that do the same thing?

Thanks for asking.  I meant to say something about that.

I think the reason there are two is that I had a typo or such and couldn't get 
>extra port < to work.  After banging my head against the wall for a 
while, I gave up and added the other one.  Eventually I found the typo.

Anybody got good suggestions for what to do here?

Should we split things into two options?
Using only nts port  may not work if we have disabled NTS at configure 
time.  Do we care about that case?

I don't like adding a new top level (extra) to the config file syntax.  There 
is already tinker, but that is all (maybe just mostly) for tweaking geeky 
parameters.  I was looking for a friendly place for a new option.





-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Alternatives to port 123

[Hal Murray via devel]

I've pushed the code for alternatives to port 123.  It's working for me, but 
could use more testing.  You might hit a case I didn't consider.

There are 2 new options for the config file:
  nts port 
  extra port 
They do the same thing.  Pick one.

There are two parts.

If a server uses either, the NTS-KE step will tell the client to use the 
alterante port.  (Be sure your firewall lets that port in.)
If a client uses either, it will send requests from the alternate port.

Note that if both client and server use this feature, neither end will use port 
123 so typical filtering is very unlikely to be a problem.  That does require 
action on both ends.

---

UDP port 123 filtering is still a black art, at least to me.

If you had asked me a few weeks ago, I would have said that AT blocks traffic 
going in to UDP port 123 and traffic going out from UDP port 123.

When I tested the first try at this code, it didn't work.  I was testing with 
port 8123.  Plain NTP (48 bytes) and NTP+AES (68 bytes) from a client using UDP 
port 123 to a server on AT using 8123 worked as expected.  But NTP+NTS (232 
bytes) from port 123 didn't make it in to my server.  Sending from other than 
port 123 worked.  So I added a trivial change to send from the alternate port 
and now it works.  But note that requires changes on both ends.

(I don't know where that new filtering is happening.  It might be some ISP 
between my test client on DigitalOcean and AT)

If anybody gets data on NTP blocking/filtering, please send me details.

Note that for AT, the normal case of an NTP client goes through NAT so NTP 
isn't using port 123 and doesn't get blocked.

--

We should teach the server config stuff to allow:
  server name:port
The complication is that IPv6 literals contain colons.  So we need [] around 
the address literal.  Therer is code in libntp/decodenetnum.c that does much of 
the work, but it also does the DNS lookup so we would have to split that.  
(There is some ugly code someplace in NTS that could get cleaned up after we 
get that working.)

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Testing

[Hal Murray via devel]

Does anybody test our code on Apple?  Solaris?

Does anybody use any of the fancy interface logic?
  It's available both vie the command line and the config file.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: [lwip-users] LWIP+ FreeRTOS stack crash: pbuf chain keeps increase, not enough space for new header size

[Hal Ashburner]

In lwipopts.h

#define MEMP_MEM_MALLOC (4096)

What happens if you increase that?



On Sat, 20 Apr 2024 at 10:54 AM, Amit Rahman 
wrote:

> Hi all,
>
> I am working on a project using an STM32 Nucleo H563ZI board with lwIP and
> FreeRTOS, and I am facing some issues with the stability of the network
> stack.
>
> After running for a certain period (around 2-3 minutes), the board seems
> to crash or freeze, and I am looking for guidance on how to troubleshoot
> and resolve this problem.
>
>
> Here's a summary of my setup and findings:
>
>1. Development environment:
>   - STM32 Nucleo H563ZI board
>   - lwIP and FreeRTOS integration
>   - Ethernet communication with a local router and computer
>   - Static IP configuration, firewalls disabled
>2. Observations:
>   - The board runs normally for about 2-3 minutes before crashing or
>   freezing.
>   - When sending ping requests from the computer, the board responds
>   to about 30 pings before crashing, with an average round-trip time of
>   10.774 ms, Ethernet looptime of about 10ms
>   - Without ping requests, the board sends out around 45 messages
>   before crashing.
>   - The crash seems to occur during packet processing or memory
>   management.
>3. Debugging findings:
>   - In the serial monitor, after the crash, I noticed the following
>   message: "pbuf_add_header: failed as 0x2002d244 < 0x2002d260 (not enough
>   space for new header size)"
>   - The debugger call stack gets stuck in a specific function
>   callstack where I suspect the assert fails.
>   - [image: image.png]
>   - Where the call stack is:
>
> tcip_try_callback (which is trying to call back pbuf_free_ooseq_callback)
> pbuf_pool_is_empty
> pbug_alloc
>
>- The pbuf length keeps increasing, as seen in the serial monitor
>   logs: "ip4_input: p->len 84 p->tot_len 84" etc etc
>   -
>   - Relevant code:
>   - I have attached the relevant source files, including:
>  - udp.c
>  - ethernetif.c
>  - lwipopts.h
>  - lwipopts_freertos.h
>
> My guess is that upon receipt in ARP probe response from my computer to
> the board and/or the repeated ping requests from my computer, the stack
> eventually runs out of memory, and the pbuf chain length keeps increasing,
> however the issue with deallocating pbufs somewhere its not apparent to me.
>
>
> I suspect that there might be a misconfiguration in the lwIP setup or
> memory management, but I am unsure how to proceed with debugging and
> resolving the issue.
>
> I would greatly appreciate any guidance or suggestions on the following:
>
> I had mostly based my code on the UDP echoserver example
> https://github.com/STMicroelectronics/stm32h5-classic-coremw-apps/blob/main/Projects/NUCLEO-H563ZI/Applications/LwIP/LwIP_UDP_Echo_Server/Core/Src/main.c
>
> Unfortunately, I don't seem to see what I'm missing.
>
> Thank you in advance for your assistance. I look forward to your insights
> and recommendations.
> ___
> lwip-users mailing list
> lwip-users@nongnu.org
> https://lists.nongnu.org/mailman/listinfo/lwip-users
>
___
lwip-users mailing list
lwip-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lwip-users

Is anybody using/testing the interface options?

[Hal Murray via devel]

There is an option in the config file and more on the command line.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Hack for monitoring NTP servers

[Hal Murray via devel]

James Browning said:
> If you were thinking of adding way too many servers you might want to replace
> the bubble sort around lines 1709-1728 of ntp_proto.c 

That code is only sorting the servers that get used.  Anything with noselect 
got tossed back at line 1619.
if (peer_unfit(peer)) {
continue;


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Crappy testing

[Hal Murray via devel]

If you use the extra port stuff I pushed last night, port 123 stops working.

Ugh, blush.  I usually do better than that.



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

extra port nnnn, nts port nnnn

[Hal Murray via devel]

I just pushed code that optionally listens on a second port.

The NTS-KE server will tell the client to use that port.
Requests going out will be from the new port.

The idea is to bypass ISP filtering on port 123.

Testing encouraged.  I've been testing with
  nts port 8123

Be sure to let traffic on that port through your firewall.

I'm pretty sure I didn't break anything if you don't use this feature.

It hasn't been tested with ethernets that get unplugged and plugged back in or 
wifi that comes and goes or laptops going to sleep...

We should tweak the code so that server foo.example.com:8123 does the obvious 
thing.

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

CI is broken

[Hal Murray via devel]

I just pushed some code.  The CI stuff sent me a Failed pipeline message.


[0K[31;1mERROR: Job failed: failed to pull image "registry.gitlab.com/gitlab-or
g/gitlab-runner/gitlab-runner-helper:x86_64-v16.11.0" with specified policies 
[always]: Error response from daemon: manifest for 
registry.gitlab.com/gitlab-org/gitlab-runner/gitlab-runner-helper:x86_64-v16.11
.0 not found: manifest unknown: manifest unknown (manager.go:250:0s)

https://gitlab.com/NTPsec/ntpsec/-/jobs/6619973110/raw

There are 9 copies that looked the same to me.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Hack for monitoring NTP servers

[Hal Murray via devel]

If somebody feels like hacking, something like this should be fun.

The idea is to setup a ntpd server watching the servers you want to monitor.  
(noselect on the server line does that)

The new code is a program that watches that server to see if the servers to be 
monitored are responding correctly and sends you email if they aren't.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: What next?

[Hal Murray via devel]

James Browning said:
>> I think we should split ntpd into several independant programs.
>> More in another message.
> I gave up on that notion; I lacked the patience to do it. 

I think we can take small steps.  Or at least some of them.


> Yeah, the IETF NTP WG shot down the notion of NTP alternative port.

It wasn't the NTP WG -- they had a draft RFC ready to go.  The group that 
vetoed it was the group in charge of rationing port assignments.



[testing config file]
> I think somewhere in the middle might be a program that takes config files
> and dumps them into some format that is easy to eyeball and machine parse. 

Internally, there is a parse tree.  But it doesn't contain the comments.

I'm not interested in that, but if you want to work on it, it might be a 
useful utility.


[testing FIPS]
> None of the CI runners support FIPS140-2 at the moment. I don't know how to
> make them either. 

There is a HOWTO-OpenSSL that tells you how to build OpenSSL from source.  
Adding enable-fips to the configure step builds/tests/installs the FIPS 
library too.

The recent FIPS discussion has a recipe for getting libssl to use it.  I 
haven't tried that step yet.


>> I'd like a script that checks the certificates.  When do they expire?
> That sounds like a simple wrapper around 'openssl x509' would work. 

I think it will be something simple like that after we do it.  I've poked 
around a few times but never ended up with anything clean.  The openssl 
command has a blizzard of options.

This just got more important for me.  I fatfingered renewing a certificate and 
a KE server stopped working.  [I did the certbot step but forgot to copy the 
new cert/key over to /etc/ntp/.]


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

[Wiki-research-l] Re: New private, granular pageview dataset

[Hal Triedman]

Hello Kai (and everyone else)!

I've updated these datasets (from 2017-present) to include an additional
column with QID wherever possible. Please let me know if there are any
issues or confusion about the datasets — I'm happy to get on calls,
prioritize dataset improvements, or answer questions on this listserv :)

Happy analyses,
Hal

On Mon, Mar 4, 2024 at 11:47 AM Hal Triedman 
wrote:

> Hi Kai!
>
> Thank you for this reminder — when this dataset was published, there
> wasn't a consistently-updated, stable page ID <--> QID table available
> internally. Now there is. I'll see what I can get done on this in the next
> week or two, and send any updates as soon as I can :)
>
> Thanks again,
> Hal
>
> On Mon, Mar 4, 2024 at 10:04 AM Kai Zhu  wrote:
>
>> Hi,
>>
>> I hope this message finds you well. I'm writing to follow up on our
>> previous discussions about enhancing the pageviews data file by adding a
>> QID column. My collaborator and I have identified several use cases where
>> the ability to match concepts across languages at a large scale is
>> crucial.
>> Given the volume of articles we're working with, relying on API calls for
>> millions of them isn't feasible. Incorporating the QID column would
>> significantly benefit not only our project but also a wide range of
>> potential users who may face similar challenges.
>>
>> Thank you for considering this request. We believe this addition could
>> greatly improve the utility and accessibility of the data for various
>> research and analysis purposes.
>>
>> Best regards,
>> Kai Zhu
>> Assistant Professor
>> Bocconi University
>>
>> On Mon, Jun 26, 2023 at 7:22 PM Hal Triedman 
>> wrote:
>>
>> > Hi Kai!
>> >
>> > Thanks for this suggestion — I'll put it on the list of improvements to
>> > this dataset, and hopefully be able to put it into production in the
>> next
>> > month or two. In the meantime, the example python notebook
>> > <
>> >
>> https://public-paws.wmcloud.org/67457802/private_pageview_data_access.ipynb
>> > >
>> > I linked above has a subsection entitled "Example of joining page_ids
>> and
>> > titles to wikidata QID" that shows how you can retrieve a set of QIDs
>> > manually for a given page ID or title. Hope this helps get you started!
>> >
>> > Thanks again,
>> > Hal
>> >
>> > On Sun, Jun 25, 2023 at 4:30 PM Kai Zhu  wrote:
>> >
>> > > Great dataset! This is amazing. I have no doubt that this will enable
>> a
>> > lot
>> > > of new research endeavors.
>> > >
>> > > If I may have a suggestion: is it possible to also have wikidata id
>> for
>> > > each row? That way we can more conveniently match the same concepts
>> > across
>> > > languages at large scale...
>> > >
>> > > Best,
>> > > Kai Zhu
>> > > Assistant Professor at Bocconi University
>> > >
>> > > On Wed, Jun 21, 2023 at 12:51 PM Hal Triedman <
>> htried...@wikimedia.org>
>> > > wrote:
>> > >
>> > > > Hello world!
>> > > >
>> > > > My name is Hal Triedman, and I’m a senior privacy engineer at WMF. I
>> > work
>> > > > to make data that WMF releases about reading, editing, and other
>> > on-wiki
>> > > > behavior safer, more granular, and more accessible to the world
>> using
>> > > > differential
>> > > > privacy <https://en.wikipedia.org/wiki/Differential_privacy>.
>> > > >
>> > > > Today I’m reaching out to share that WMF has released almost 8 years
>> > > (from
>> > > > 1 July 2015 to present) of privatized pageview data
>> > > > <
>> > > >
>> > >
>> >
>> https://diff.wikimedia.org/2023/06/21/new-dataset-uncovers-wikipedia-browsing-habits-while-protecting-users/
>> > > > >,
>> > > > partitioned by country, project, and page. This data is
>> significantly
>> > > more
>> > > > granular than other datasets we release, and should help
>> researchers to
>> > > > disambiguate both long- and short-term trends within languages on a
>> > > > country-by-country basis — several
>> > > > <https://phabricator.wikimedia.org/T207171> long-standing requests
>> > > > <https://phabricator.wikimedia.org/T2672

Re: What next?

[Hal Murray via devel]

(I found some more notes...)


We should test the config file stuff to see that all the options at least get 
past the parser.  Better would be to actually run the code.

We should check FIPS mode.  Do any of the CI options include FIPS?
I got half way there by building OpenSSL to include FIPS mode but I haven't 
made the config file to use it.



I'd like a script that checks the certificates.  When do they expire?

I'd like a script that finds out who signed a certificate and pokes around in 
my local certificate collection and tells me a filename so I can add that to a 
server line in the config file.  The idea is to make sure that we are using 
the right root-cert rather than one from a CA that was arm twisted by your 
local repressive govt or broken into by the KBG or NSA.



I'd like some code that goes through the NTS-KE dance and prints the answer.  
Extra credit if it can request various options.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Splitting ntpd

[Hal Murray via devel]

Here are the cnhnks I have in mind:
  NTP server
  NTS-KE server

  NTP/NTS client
  refclocks

  monitoring/ntpq


I have debugged the lockclock mode so we now have a stand-alone NTP server.  
It gets the error data from the krenel.  (Or can/should.  I haven't checked 
that code.)  As just a server, ntpd is horribly bloated, but it's enough of a 
proof of concept that we can play with it.

The NTS-KE server needs to cooperate with the NTP server to get cookies.  
That's easy if they are co-packaged.  If we split them up, the KE server can 
read the cookie file and we can scp that to other machines.  It may be cleaner 
to split them when we get to paying attention to DoS-ing.


The key idea with the client side is to use threads.  Each thread would use 
its own socket.  Nobody would be listening on port 123.  That will take a lot 
of work.


I haven't thought much about splitting out refclocks.  I assume they should 
use Unix sockets to talk to the client.  We need some way for 
monitoring/debugging code to watch.  Maybe the data goes in shared memory too. 
 Or maybe the refclock opens several sockets.


For monitoring/ntpq, I think we can use shared memory.  They would be 
read-only by ntpq.  I picture ntpq running in two modes.  For starters, it 
looks directly into shared memory and only works when run on the target 
machine.  Then we split it into two parts connected via the network.

I want a simple and reliable way to update this area.  It's going to take at 
least 2 edits.  One to define the counter and one to bump it.  I picture a text 
file that gets translated into the structs for the code and also for the table 
that ntpq needs.


It isn't really part of splitting ntpd, but I think a clean sntp client will 
fit into this collection.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

What next?

[Hal Murray via devel]

Is anybody thinking about what we should be doing?


Here is my list:

Port to Windows
  Does anybody know anything about Windows?
Is there a decent POSIX environment?
How well does waf work on Windows?
  We can get the magic code from ntp-classic.

I think we should split ntpd into several independant programs.
  More in another message.

I think we need a good SNTP client.  Something like the old ntpdate.
  I'm looking for a clean example.
  This would be a good opportunity to experiment with Go and/or Rust.

Getting off the ground.
  There is a chicken-egg problem with getting started when using NTS.  TLS 
needs the time to check certificates.  I think we can do something like skip 
the date part of certificate checking, then come back and see if the 
certificates pass the date-check after we have a candidate date.

Alternate port for use with NTS.
  There is a lot of blocking/filtering on port 123.  NTS-KE includes 
specifying the port to use.  We should be able to listen on another port too.  
I haven't looked carefully.  This feels like medium complexity.

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

RE: [PATCH] riscv: dts: jh7110: Enable PLL node in SPL

[Hal Feng]

> On 06.03.24 11:00, Bo Gan wrote:
> 
> Previously PLL node was missing from SPL dts. This caused BUS_ROOT to stay on
> OSC clock (24Mhz). As a result, all peripherals have to run at a much lower
> frequency, and loading from sdcard/emmc is slow.
> Thus, enabling PLL node in dts to fix this.
> 
> Signed-off-by: Bo Gan 

Reviewed-by: Hal Feng 

[Wiki-research-l] Re: New private, granular pageview dataset

[Hal Triedman]

Hi Kai!

Thank you for this reminder — when this dataset was published, there wasn't
a consistently-updated, stable page ID <--> QID table available internally.
Now there is. I'll see what I can get done on this in the next week or two,
and send any updates as soon as I can :)

Thanks again,
Hal

On Mon, Mar 4, 2024 at 10:04 AM Kai Zhu  wrote:

> Hi,
>
> I hope this message finds you well. I'm writing to follow up on our
> previous discussions about enhancing the pageviews data file by adding a
> QID column. My collaborator and I have identified several use cases where
> the ability to match concepts across languages at a large scale is crucial.
> Given the volume of articles we're working with, relying on API calls for
> millions of them isn't feasible. Incorporating the QID column would
> significantly benefit not only our project but also a wide range of
> potential users who may face similar challenges.
>
> Thank you for considering this request. We believe this addition could
> greatly improve the utility and accessibility of the data for various
> research and analysis purposes.
>
> Best regards,
> Kai Zhu
> Assistant Professor
> Bocconi University
>
> On Mon, Jun 26, 2023 at 7:22 PM Hal Triedman 
> wrote:
>
> > Hi Kai!
> >
> > Thanks for this suggestion — I'll put it on the list of improvements to
> > this dataset, and hopefully be able to put it into production in the next
> > month or two. In the meantime, the example python notebook
> > <
> >
> https://public-paws.wmcloud.org/67457802/private_pageview_data_access.ipynb
> > >
> > I linked above has a subsection entitled "Example of joining page_ids and
> > titles to wikidata QID" that shows how you can retrieve a set of QIDs
> > manually for a given page ID or title. Hope this helps get you started!
> >
> > Thanks again,
> > Hal
> >
> > On Sun, Jun 25, 2023 at 4:30 PM Kai Zhu  wrote:
> >
> > > Great dataset! This is amazing. I have no doubt that this will enable a
> > lot
> > > of new research endeavors.
> > >
> > > If I may have a suggestion: is it possible to also have wikidata id for
> > > each row? That way we can more conveniently match the same concepts
> > across
> > > languages at large scale...
> > >
> > > Best,
> > > Kai Zhu
> > > Assistant Professor at Bocconi University
> > >
> > > On Wed, Jun 21, 2023 at 12:51 PM Hal Triedman  >
> > > wrote:
> > >
> > > > Hello world!
> > > >
> > > > My name is Hal Triedman, and I’m a senior privacy engineer at WMF. I
> > work
> > > > to make data that WMF releases about reading, editing, and other
> > on-wiki
> > > > behavior safer, more granular, and more accessible to the world using
> > > > differential
> > > > privacy <https://en.wikipedia.org/wiki/Differential_privacy>.
> > > >
> > > > Today I’m reaching out to share that WMF has released almost 8 years
> > > (from
> > > > 1 July 2015 to present) of privatized pageview data
> > > > <
> > > >
> > >
> >
> https://diff.wikimedia.org/2023/06/21/new-dataset-uncovers-wikipedia-browsing-habits-while-protecting-users/
> > > > >,
> > > > partitioned by country, project, and page. This data is significantly
> > > more
> > > > granular than other datasets we release, and should help researchers
> to
> > > > disambiguate both long- and short-term trends within languages on a
> > > > country-by-country basis — several
> > > > <https://phabricator.wikimedia.org/T207171> long-standing requests
> > > > <https://phabricator.wikimedia.org/T267283> from Wikimedia
> > communities.
> > > >
> > > > Due to various technical factors, there are three distinct datasets:
> > > >
> > > >-
> > > >
> > > >1 July 2015 – 8 Feb 2017
> > > ><
> > > >
> > >
> >
> https://analytics.wikimedia.org/published/datasets/country_project_page_historical_pre_2017/
> > > > >
> > > >/ README
> > > ><
> > > >
> > >
> >
> https://analytics.wikimedia.org/published/datasets/country_project_page_historical_pre_2017/00_README.html
> > > > >
> > > >(publishing threshold [1]: 3,500 pageviews)
> > > >-
> > > >
> > > >9 Feb 2017 – 5 Feb 2023
> > > >

FreeBSD is phasing out support for 32 bit systems

[Hal Murray via devel]

Future of 32-bit platform support in FreeBSD

FreeBSD is deprecating 32-bit platforms over the next couple of major
releases.  We anticipate FreeBSD 15.0 will not include the armv6,
i386, and powerpc platforms, and FreeBSD 16.0 will not include armv7.
Support for executing 32-bit binaries on 64-bit kernels will be
retained through at least the lifetime of the stable/16 branch if not
longer.  (There is currently no plan to remove support for 32-bit
binaries on 64-bit kernels.)


Whole thing:
  https://lists.freebsd.org/archives/freebsd-announce/2024-February/000117.html


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: [mailop] Why is mail forwarding such a mess?

[Hal Murray via mailop]

m...@dorfdsl.de said:
> Bypassing spam checking would make spammers use exactly that way to send
> spam. 

Sorry I wasn't clear enough.

My "handshke to set things up" was meant to keep out spammers.

The idea was that the final receiving MTA would know that it was expecting 
forwarded mail for user@domain from a set of IP addresses.

I was picturing something like:
  user goes to final MTA and says I want you to accept forwarded mail for me 
from example.com
  then he goes to example.com and says "please forward my mail to 
m...@final.com"
example.com would then contact final.com and say "OK if I forward me's mail to 
you?"
If yes, then example.com says "Here are the IP addresses I use for 
forwarding"


-- 
These are my opinions.  I hate spam.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] Why is mail forwarding such a mess?

[Hal Murray via mailop]

I expect that there would be a protocol to handle it.  I can't be the only one 
who has thought of this.  After a handshke to set things up, the sender adds a 
forwarding header and the receiver verifies that a forwarded message is coming 
from an allowed IP Address then bypasses spam checking for that message.  (but 
not phish/malware checking???)

Is there a technical reason why something like that doesn't work?  Or some 
economic/policical reason why too many key players aren't interested?

-- 
These are my opinions.  I hate spam.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: RIP Dave Mills

[Hal Murray]

Word got out a week ago with a message from Vint cerf to the internet-history 
list.

The thread Vint started is here:
  https://elists.isoc.org/pipermail/internet-history/2024-January/009265.html

Vint is collecting anecdotes here:

Many good stories...  So much more than NTP.



-- 
These are my opinions.  I hate spam.

Re: Which manual has appendix details?

[Hal Kierstead via lyx-users]

> On Jan 19, 2024, at 2:54 PM, Scott Kostyshak  wrote:
> 
> On Fri, Jan 19, 2024 at 02:32:21PM -0700, Hal Kierstead via lyx-users wrote:
>> 
>> 
>>> On Jan 19, 2024, at 9:33 AM, Rich Shepard  wrote:
>>> 
>>> On Fri, 19 Jan 2024, Paul Rubin wrote:
>>> 
>>>> Section 6.4 of the User's Guide is titled "Appendices". It's rather brief,
>>>> so I don't know if it will answer your question(s).
>>> 
>>> Paul,
>>> 
>>> Thank you. When I scanned the sections in Chapter 6 I missed that one.
>>> 
>>> Regards,
>>> 
>>> Rich
>>> -- 
>>> lyx-users mailing list
>>> lyx-users@lists.lyx.org
>>> http://lists.lyx.org/mailman/listinfo/lyx-users
>> 
>> I often find myself looking through several manuals trying to find 
>> information. It would be much better if I could make a single search of all 
>> manuals. Maybe there is a way and I just do not know it.
> 
> Open up advanced find and click on the "settings" tab. Then choose "All 
> manuals".
> 
> Scott
> -- 
> lyx-users mailing list
> lyx-users@lists.lyx.org
> http://lists.lyx.org/mailman/listinfo/lyx-users

Very nice Scott. I thought there might be a good way of doing this.
Hal
-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

Re: Which manual has appendix details?

[Hal Kierstead via lyx-users]

> On Jan 19, 2024, at 9:33 AM, Rich Shepard  wrote:
> 
> On Fri, 19 Jan 2024, Paul Rubin wrote:
> 
>> Section 6.4 of the User's Guide is titled "Appendices". It's rather brief,
>> so I don't know if it will answer your question(s).
> 
> Paul,
> 
> Thank you. When I scanned the sections in Chapter 6 I missed that one.
> 
> Regards,
> 
> Rich
> -- 
> lyx-users mailing list
> lyx-users@lists.lyx.org
> http://lists.lyx.org/mailman/listinfo/lyx-users

I often find myself looking through several manuals trying to find information. 
It would be much better if I could make a single search of all manuals. Maybe 
there is a way and I just do not know it.

Hal
-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

FYI: Dave Mills has passed away

[Hal Murray via devel]

On Thu, Jan 18, 2024 at 08:35:14PM -0500, vinton cerf via Internet-history 
wrote:
> His daughter, Leigh, just sent me the news that Dave passed away peacefully
> on January 17, 2024. He was such an iconic element of the early Internet.
> Network Time Protocol, the Fuzzball routers of the early NSFNET, INARG
> taskforce lead, COMSAT Labs and University of Delaware and so much more.
> 
> R.I.P.
> vint
> -- 
> Internet-history mailing list
> internet-hist...@elists.isoc.org
> https://elists.isoc.org/mailman/listinfo/internet-history


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

[mailop] Displaying logos

[Hal Murray via mailop]

Robert L Mathews said:
> I hope nobody creates MUA features that show non-BIMI logos in the same space
> as BIMI logos (or that make it difficult for users to notice the difference,
> such as a tiny padlock superimposed on it sometimes). 

Superimposing something to indicate validity won't work.  The bad guys can 
just use a "logo" with that mark already installed.

It might work to put a gold border around checked logos and a black/red dashed 
line around non-validated logos.

Another possibility would be to differentiate by size, shape, or location.



-- 
These are my opinions.  I hate spam.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[MARMAM] New publication: Sperm whale clans and human societies

[Hal Whitehead]

The following paper has just been published:

Whitehead, H., 2024. Sperm whale clans and human societies. Royal Society Open 
Science

It is open access and available at:

https://royalsocietypublishing.org/doi/full/10.1098/rsos.231353

Abstract:

Sperm whale society is structured into clans that are primarily distinguished 
by vocal dialects, which may be symbolic markers of clan identity. However, 
clans also differ in non-vocal behaviour. These distinctive behaviours, as well 
as clan membership itself, are learned socially, largely within matrilines. The 
clans can contain thousands of whales and span thousands of kilometres. Two or 
more clans typically use an area, but the whales only socialize with members of 
their own clan. In many respects the closest  arallel may be the 
ethno-linguistic groups of humans. Patterns and processes of human prehistory 
that may be instructive in studying sperm whale clans include: the extreme 
variability of human societies; no clear link between modes of resource 
acquisition and social structure; that patterns of vocalizations may not map 
well onto other behavioural distinctions; and that interacting societies may 
deliberately distinguish their behaviour (schismogenesis). Conversely, while 
the two species and their societies are very different, the existence of very 
large-scale social structures in both sperm whales and humans supports some 
primary drivers of the phenomenon that are common to both species (such as 
cognition, cooperation, culture and mobility) and contraindicates others (e.g. 
tool-making and syntactic language).


Hal Whitehead, Dalhousie University (hwhit...@dal.ca)
___
MARMAM mailing list
MARMAM@lists.uvic.ca
https://lists.uvic.ca/mailman/listinfo/marmam

Re: lyx 2.3.7 running on a Mac Ventura 13.6.1

[Hal Kierstead via lyx-users]

For those who need to introduce students to LaTex, Overleaf is very useful, 
especially because there is no overhead, but it in no way replaces LyX.

Hal

> On Jan 10, 2024, at 2:07 PM, Eberhard W Lisse  wrote:
> 
> I have looked at overleaf when I saw a presentation at the last TUG
> Meeting in Bonn (where I presented about LyX/LaTeX/typst) and am
> totally unimpressed.
> 
> el
> 
> On 10/01/2024 16:12, markhsalmon wrote:
> [...]
>> Ps. Cambridge has just bought all faculty and in fact students
>> licences for Overleaf professional which is the alternative now … I
>> want to continue with Lyx but the lack of proper Mac support is
>> making this decision difficult.
> [...]
> 
> -- 
> lyx-users mailing list
> lyx-users@lists.lyx.org
> http://lists.lyx.org/mailman/listinfo/lyx-users

-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

Re: Addressing the Python 2, AsciiDoc classic, and AsciiDoc 3 tangle

[Hal Murray via devel]

I have no strong opinions on this area.

I won't grumble if our doc stuff doesn't build on Python2 as long as we have a 
copy of the doc on the web.  Or somebody who really wants their own can build 
it on a more modern system and copy the files over.





-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Error while exporting format: \converter

[Hal Kierstead via lyx-users]

> On Jan 6, 2024, at 6:36 PM, Steve Litt  wrote:
> 
> Hal Kierstead via lyx-users said on Sat, 6 Jan 2024 08:14:34 -0700
> 
>> All -
>> 
>> I got this message,  "Error while exporting format: \converter”, when
>> trying to view a master document. It has happened in the past, but I
>> forget how to correct it. Can someone help?
> 
> Your first step is to copy the document and reduce it to an MWE. An MWE
> is the tiniest possible document that still reproduces the symptom.
> Armed with the MWE, you can either troubleshoot it yourself or actually
> get help.
> 
> HTH,
> 
> SteveT
> 
> Steve Litt 
> 
Steve -
Pauls’s comment was enough for me to fix the problem. It had nothing to do with 
MWE’s:
> What format are you using to view the document, and do you have a converter 
> set up for that format?
Hal
-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

Re: Error while exporting format: \converter----Thanks

[Hal Kierstead via lyx-users]

Paul -

Many thanks; your question was enough for me to find the problem. For some 
reason, the Default Output Format with tex fonts was blank—I fixed this. I have 
no idea how this happened all of a sudden. Anyway it works now.

Hal

> On Jan 6, 2024, at 9:20 AM, Paul Rubin  wrote:
> 
> 
> 
> On 1/6/24 10:14, Hal Kierstead via lyx-users wrote:
>> All -
>> 
>> I got this message,  "Error while exporting format: \converter”, when trying 
>> to view a master document. It has happened in the past, but I forget how to 
>> correct it. Can someone help?
>> 
>> I am using Lyx 2.3.7 on with MacOS: 11.7.10.
>> 
>> Thanks,
>> 
>> Hal
> What format are you using to view the document, and do you have a converter 
> set up for that format?
> 
> Paul
> 
> -- 
> lyx-users mailing list
> lyx-users@lists.lyx.org
> http://lists.lyx.org/mailman/listinfo/lyx-users

-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

Error while exporting format: \converter

[Hal Kierstead via lyx-users]

All -

I got this message,  "Error while exporting format: \converter”, when trying to 
view a master document. It has happened in the past, but I forget how to 
correct it. Can someone help?

I am using Lyx 2.3.7 on with MacOS: 11.7.10.

Thanks,

Hal
-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

Re: NTPsec 1.2.3 released

[Hal Murray via devel]

Fred Wright said:
[context is my reply to the released message.]
> For some reason the antecedent to this message wasn't sent to the list,
> though I'd noticed the release by checking the repo. 

My copy was sent to:
  Subject: NTPsec 1.2.3 released
  From: Matthew Selsky via announce 
  Date: Sun, 31 Dec 2023 06:50:59 + (Sat 22:50 PST)
  To: , , 

I'm on all 3 lists but only got one copy to announce.

It's in the announce archives, but not users or devel.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: NTPsec 1.2.3 released

[Hal Murray via devel]

Thanks.


and thanks to all who contributed and tested.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

[LEAPSECS] UT1 offset

[Hal Murray]

>>> . Please keep DUT1 less than 100 seconds.
>> They /really/ dont want to ever see a leapsecond or leapminute, do they ?
> I'd love for them to have 6 digits for the offset..  .99.

Why try to make that field big enough?  Why not just drop it?

Who uses DUT1 via radio?  Who will be using it 50 years from now?

Is it needed for anything other than navigation and astronomy?  I assume 
astronomers will have a network connection.  Do ships listen to WWV or similar 
to get DUT1?

How many ships are big enough to need DUT1 for navigation yet small enough 
that they don't have GPS?


Another option would be to drop the high digits.  Fill them in with firmware 
the same way that software now fixes GPS WNRO glitches.  (That would take an 
extra line of code if you have to go both forward and backward.)  2 digits of 
seconds would be good for 50 old-leaps either way.  Or you could make it 75 
one way and 25 the other...

-

I poked >Who uses DUT1?< into Google.

It found:
  https://www.ucolick.org/~sla/navyls/0907.html
  Who uses DUT1?
  From: Tom Van Baak 
  Date: Sat, 30 Jul 2005 10:18:42 -0700

The by-thread index doesn't show that thread.  Google found Steve Allen's 
reply.
  https://www.ucolick.org/~sla/navyls/0900.html
  Re: Who uses DUT1?
  From: Steve Allen 
  Date: Sat, 30 Jul 2005 23:31:52 -0700
Both are in the by-date index.

Steve discussed astronomy and navigation.


-- 
These are my opinions.  I hate spam.



___
LEAPSECS mailing list
LEAPSECS@leapsecond.com
https://pairlist6.pair.net/mailman/listinfo/leapsecs

Re: Regression in OpenBSD

[Hal Murray via devel]

>> Please say more about your Mac patches?
> The patches come in two categories:
> Fallback for missing clock_gettime() and clock_settime().

My copy of OpenBSD 7.4 has clock_gettime() and clock_settime().
So we can take the first step without changing that area.


The timex stuff will be a bit more complicated.  They have something to set the 
drift.  I forget what it is called.What ntp_adjtime() does is kick the 
drift by 500 PPM for as long as it takes to make the target adjustment.  We can 
fake that.  It won't be as good as as doing it in the kernel.  It will be fun 
to measure.

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Regression in OpenBSD

[Hal Murray via devel]

Let's put that stuff on the back burner until the release is out.


> Ntpsec doesn't fully support OpenBSD anyway, due to the lack of "timex"
> (though my Mac patches fix that), and the fact that OpenBSD provides
> LibreSSL rather than OpenSSL, but the 1.2.2a "Mac" version did build with
> --disable-nts. 

Please say more about your Mac patches?  Does ntpd work?


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Missing clockwork

[Hal Murray via devel]

James said:
> It sounds like a race condition in our wscript files or waf. How willing are
> you to sink time into this, I think it's a losing proposition. 

I've got a --jobs=1 in my script.  That was added to make sure the printout 
was easy to read when there were compiler errors.

I'm willing to invest some time on this but I don't have any ideas on what to 
do.

Note that it was building 3 copies of clockwork
  [  1/137] Compiling libntp/clockwork.c
  [  2/137] Compiling libaes_siv/aes_siv.c
  [  3/137] Compiling libntp/clockwork.c
  [  4/137] Compiling libntp/clockwork.c
I only expect 2
  ./test-classic/main/libntp/clockwork.c.2.o
  ./test-doc/main/libntp/clockwork.c.1.o
  ./test-doc/main/libntp/clockwork.c.2.o
  ./libntp/clockwork.c


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Missing clockwork

[Hal Murray via devel]

Anybody recognize this?  I've seen a missing file once before.  I think it was 
clockwork.??

It works if I try it again.

Waf: Entering directory `/home/murray/ntpsec/raw/test-all/main'
--- PYTHONPATH is not set, loading the Python ntp library may be troublesome 
---
[  1/137] Compiling libntp/clockwork.c
[  2/137] Compiling libaes_siv/aes_siv.c
[  3/137] Compiling libntp/clockwork.c
[  4/137] Compiling libntp/clockwork.c
[  5/137] Compiling libntp/ntp_endian.c
[  6/137] Compiling libntp/macencrypt.c
[  7/137] Compiling libntp/isc_net.c
[  8/137] Compiling libntp/isc_interfaceiter.c
[  9/137] Compiling libntp/initnetwork.c
[ 10/137] Compiling libntp/getopt.c
[ 11/137] Compiling libntp/timespecops.c
Waf: Leaving directory `/home/murray/ntpsec/raw/test-all/main'
Build failed
-> missing file: '/home/murray/ntpsec/raw/test-all/main/libntp/clockwork.c.1.o'


[murray@hgm raw]$ find . -name clockwork*
./test-all/main/libntp/clockwork.c.1.o
./test-minimal/main/libntp/clockwork.c.1.o
./test-minimal/main/libntp/clockwork.c.2.o
./test-classic/main/libntp/clockwork.c.1.o
./test-classic/main/libntp/clockwork.c.2.o
./test-doc/main/libntp/clockwork.c.1.o
./test-doc/main/libntp/clockwork.c.2.o
./libntp/clockwork.c
./hgm/main/libntp/clockwork.c.1.o
./hgm/main/libntp/clockwork.c.2.o
./test-default/main/libntp/clockwork.c.1.o
./test-default/main/libntp/clockwork.c.2.o


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Release

[Hal Murray via devel]

Fred Wright said:
> I also stumbled across something (which may not be new) where it appears
> that if libaes_siv is installed as a system library, it's preferred over the
> bundled version.  That probably doesn't change the actual behavior, but may
> lead to opportunistic builds. 

That seems worth fixing.

I don't think we should hold up the release unless somebody fixes it in the 
next day or two.

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Release

[Hal Murray via devel]

Fred Wright said:
> The main issue I've found is that the "struct var" in ntp_control.c, is
> relying on anonymous unions, which are a relatively new language feature.

That is my attempt at getting a sane procedure for adding slots to the table.  
The old scheme required coordinated edits in several places and there was no 
checking that you got them right.

> Turning the "p_" and "p2_" prefixes into names of the union instances  seems
> fairly reasonable (e.g., "p_time" becomes "p.time"), but would  require
> changing the initializers.  I'd be willing to look into that if  I'm not
> wasting my time.

I think I just fixed that.  I'll push in a while after more local testing.


> There are also a bunch of warnings with some compilers, which might be  worth
> looking at.  They're often fairly easy to fix, and sometimes indicate actual
> problems. 

Which compilers?  Or rather which OS/distros?

Can we set things up so that the gitlab CI stuff tells us about warnings?

James suggested adding the compiler flag that turns warnings into errors.  
That won't work on the old old version of Bison that has a missing default or 
something like that.



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

[NNagain] Starlink

[Hal Murray via Nnagain]

Frantisek Borsik said:
> The only way to deliver it to them in a reasonable timeframe is Starlink. 

What sort of bandwidth/latency do I get from Starlink if I'm the only user in 
a large area?

The spectrum is shared.  Does the bandwidth per user go down as more users in 
the antenna footprint become active?  How many users per square mile/km can 
Starlink support at the current target bandwidth?  ...

What fraction of the country is rural enough that it won't get fiber?  How 
much of that is sparse enough so that Starlink will work?

What should I be asking?


-- 
These are my opinions.  I hate spam.



___
Nnagain mailing list
Nnagain@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/nnagain

Re: Certificate geekery

[Hal Murray via devel]

Thanks.

> If that's a thing you want to do on your system, you can. IMHO, it's not
> something that we particularly need to promote, nor would I find it
> desirable operationally. If my NTP server changes their CA provider,  then I
> won't be able to talk to them any more until I take manual action  to adjust
> the pin. 

I was assuming there would be a script that would do the work, say run as a 
cron job.  Probably send you email so you can do the actual edit.


> Yes, that's how the CA ecosystem works. That is absolutely a threat.  Keep in
> mind that if a CA gets caught doing that, they will get the CA  death
> penalty, ending their money printing business.

Some CAs are run by governments.  That area gets messy.

There was a news item recently (month or 3??) about a Russian social media 
server located in a German cloud provider that got MITM-ed.  The bad guys got 
a Let's Encrypt certificate.  They could do that by just stealing the IP 
Address for a few minutes which only takes one insider at the hosting service.

Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
  https://thehackernews.com/2023/10/researchers-uncover-wiretapping-of-xmpp.htm
l

I can't tell how paranoid to be.  It would be nice if we didn't depend on all 
the root certificates.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: What does gitlab's "Successful pipeline" mean?

[Hal Murray via devel]

James said:
> Maybe we should add -Werror or such to CFLAGS.

Sounds like a good idea to me.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

What does gitlab's "Successful pipeline" mean?

[Hal Murray via devel]

Does that mean no warnings?

If not, how are we expected to learn about code that generates warnings on 
obscure systems?



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Any Coverity wizards?

[Hal Murray via devel]

I expect the comment on the previous line to tell Coverity to not complain 
about this case.

Is there a typo or such that I'm missing?

149/* coverity[checked_return] */
  CID 462307 (#1 of 1): Unchecked return value (CHECKED_RETURN)
  15. check_return: Calling CMAC_Update without checking return value (as is 
done elsewhere 5 out of 6 times).
150CMAC_Update(cmac_ctx, data, (unsigned int)datalen);

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Release

[Hal Murray via devel]

> I'll aim to release ~15-Dec-2023

Sounds good.  Thanks.


> I'm thinking about AES becoming the new default for ntpq, etc.

I got a few a day or so ago.  I missed that one.  I'll get it tonight.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: How does the parser work?

[Hal Murray via devel]

James said:
>The host phase of Waf build generates tablegen which in turn generates
>keywords.h IIRC. I have no idea how the internals work.

I took a look at the code.

It looks like there are 2 tables of keywords, one in ntp_keyword.h (build by 
keyword-gen) and another in ntp_parser.y.  Because the tokens in each table 
look so similar, my brain jumped to the conclusion that they were parallel.  
Wrong.

The values of the corresponding tokens are different.  I don't know how the 
values from the keyword table get translated into parser values.

The parser table also has a few extra entries like integer and string.


keyword.h is more than just a list of keywords.  It's also table/tree of steps 
along the way of recognizing a keyword:
  S_ST( 's',3,  675,   422 ), /*   674 tru   */
  S_ST( 't',3,  676, 0 ), /*   675 trus  */
  S_ST( 'e',3,  677, 0 ), /*   676 trust */
  S_ST( 'd',3,  678, 0 ), /*   677 truste*/
  S_ST( 'k',3,  679, 0 ), /*   678 trusted   */
  S_ST( 'e',3,  423, 0 ), /*   679 trustedk  */


Anyway, I think extra "keywords" in the parser table are just useless.  The 
parser will never get there because the keyword table doesn't know about them.

When we run out of better things to do, we should make a config file that uses 
all the keywords so we can make sure they work and are all useful.



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: [chrony-dev] Chrony and leap-second table expiration

[Hal Murray]

mlich...@redhat.com said:
>> * If Chrony reads leap-seconds.list should it also look at the
>> leap second expiration and reject old files?
> As currently chrony works, there would be no functional difference between
> rejecting old file and using old file unless someone was interested in
> replaying old leap seconds. 

If you know that the data in the file covers "now", you can ignore the 
leap-pending in NTP packets from servers.

If you know that the file has expired, you can keep track of leap-pending from 
servers and if you get more than x% or more than N (that agree) you can 
believe that a leap will happen soon and pass that to the kernel.



-- 
These are my opinions.  I hate spam.




-- 
To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" 
in the subject.
For help email chrony-dev-requ...@chrony.tuxfamily.org with "help" in the 
subject.
Trouble?  Email listmas...@chrony.tuxfamily.org.

How does the parser work?

[Hal Murray via devel]

ntp_parser.y contqains:

%token T_Tinker
%token T_Tlsciphers
%token T_Tlsciphersuites

I'd expect those tokens to come from the keywords header file.
But tlsciphers isn't in the keyword list.
tlscipehrswuites is in the list.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Asciidoc question

[Hal Murray via devel]

What does the $$ after the +aga+ do?

|+year+|One generation file element is generated per year.
The filename  suffix consists of a dot and a 4 digit year number.
|+age+$$   |This type of file generation sets changes to a new element 
of
the file set every 24 hours of server operation. The filename


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Release

[Hal Murray via devel]

Gary said:
> DO you have an account on: https://scan.coverity.com/
> If so, I think I can add you to the project. 

Thanks.  I think i worked.

How does their stuff work?  How often do they check NTPsec?
  Or what should I be asking?
How much mail should I expect?  ...

There are 3 Coverity quirks.  I'll go fix the filegen one.

Should I push the fix?  That will require more testing.

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Release

[Hal Murray via devel]

Gary said:
> Uh, not quite.  Check the Coverity stuff.

How do I do that?

I'd expect something to send me email but I don't remember anything about 
Coverity.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Certificate geekery

[Hal Murray via devel]

I'm working on devel-TODO-NTS.  (mostly deleting things)

Currently, if a bad guy hacks or arm-twists a certificate authority, they can 
sign a certificate that the bad guy can use for a MITM attack.

We can make that a lot harder if we lookup the current root certificate that a 
server is currently using, find that certificate in a system's root cert 
collection, and add a ca xxx to the server line.  That doesn't take any 
changes to ntpd.

It needs some script hacking.  I think the openssl command can handle much of 
the details.

Is that called pinning?  If not, is there a term for it?
Wiki has a page for a related proposal: 
  https://en.wikipedia.org/wiki/Certificate_pinning

Is this interesting?

Anybody interested in writing that script?

--

There is another tangle with verifying certificates.  OCSP
Is that interesting?
  https://en.wikipedia.org/wiki/OCSP



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Release

[Hal Murray via devel]

I think you should release what we have as soon as it is convenient.

There are many more things I would like to include but we aren't making much 
progress so it's time to do it.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: [mailop] salesforce phishing emails

[Hal Murray via mailop]

Giovanni Bechis said:
> I maintain an ESP rbl that includes SalesForce bad customers,

How well does that work?

This month, I have 6 copies of the same crap:
  After reviewing your company's profile, we believe that
  your knowledge and experience will be beneficial to the
  projects that ARAMCO is working on in this 2023 and 2024 session

Another one in Sep.

All from Salesforce.  All different vendors.

All sent to an address that hasn't sent anything for 2 years but was/is on 
lots of spammer lists.

Just in case anybody isn't sure, I don't have a company and I don't know 
anything about the oil business.


-- 
These are my opinions.  I hate spam.



___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

Re: [Git][NTPsec/ntpsec][master] Fix mode 6 client to round up to 4 bytes (was 8)

[Hal Murray via devel]

> Does the comment on line 880 also need to be updated?

Good catch.  Thanks.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Documentation tangle

[Hal Murray via devel]

We have a mix of man pages and web pages.

I think all the man pages have a web version generated from the same source.  
There are some/many web pages without the corresponding man page.

Debian includes the web pages in ntpsec-doc

Fedora doesn't have a separate doc package for ntpsec.
Their ntpsec package includes the man pages but not the web pages.

I haven't checked what FreeBSD does.

What should we do if a man page wants to refer to a html only page?


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: I/we need a lesson in git and/or gitlab and/or merge requests

[Hal Murray via devel]

Fred Wright said:
> In general, it's a good idea to read an actual book on git, rather than
> trying to understand it purely through manpages.  The one I used (almost a
> decade ago) is this one:

>   https://www.amazon.com/gp/product/1449316387/ 

Thanks.  I like books.

There is a 3rd edition out now.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: [NNagain] Fwd: separable processes for live in-person and live zoom-like faces

[Hal Murray via Nnagain]

rjmcmahon said:
> The human brain is way too complicated to make simplified analysis like  this
> is the latency required. It's a vast prediction machine and much,  much more.

I agree that the brain is very complex, but it isn't a total mystery.  We can 
measure some things and work out some timing requirements.

Examples:

Movies/TV have a minimum frame rate to avoid flicker.

Phone systems have a max round trip latency.
(I think back in the days of satellites, they decided that one sat link was OK 
but 2 was too long.)

You can measure the time to push a button after a light goes on.
That's tangled up with hand/eye coordination for catching a ball or using a 
mouse.


I get (slightly) annoyed by the delay when news shows switch to a (very) 
remote reporter.

I see no reason why a latency requirement couldn't be worked out for something 
like a Zoom meeting.


-- 
These are my opinions.  I hate spam.



___
Nnagain mailing list
Nnagain@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/nnagain

SHA1 or SHA-1?

[Hal Murray via devel]

I'm looking into making our documentation consistent.

NIST and Wikipedia use SHA-1.

Ages ago. ntpkeygen used SHA1.

OpenSSL seems to prefer SHA1, but it has an alias for SHA-1.


To list the digests:
  openssl dgst -list


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

I/we need a lesson in git and/or gitlab and/or merge requests

[Hal Murray via devel]

Merge requests seem reasonable if all goes well.  My work flow is roughly:
  download the patch  (URL plus ".patch")
  scan it
  maybe apply and test
  approve and merge

But things go downhill if I don't like something.  What I get from James is an 
update to the MR, a patch to the patch.  That makes reading/checking the patch 
harder and clutters up the git log.

What if I don't like the description of a patch?

Merge has an option to reduce all the patches to one.  But often that isn't 
appropriate.


git works so well for most things.  I think I/we are missing something in the 
workflow.


Should we be throwing away merges and making new ones rather than patching 
them?

How do I backup a bunch of commits that turned into a MR so I can make them 
better and try again?

I'm on a list or two where patches are distributed via email.  git has several 
commands for that.  Iterations usually have a v1 v2 ... as part of the 
Subject.  Often individual parts will be approved.  It's a lof of clutter in 
the email stream but the discussion gets archived in email rather than hidden 
over in a MR.

Is there a way in gitlab to approve only one of the patches rather than all of 
them?  I think I could do that by downloading the patch which is several email 
messages, editing out the one I want...  Again, if that was the right thing to 
be doing, I'd expect git to support it which it probably does if you use their 
email mode.



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Time for a release?

[Hal Murray via devel]

Is updating PIVOT.h on your checklist and/or should I update it now while I/we 
think of it?


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Time for a release?

[Hal Murray via devel]

> What sort of testing did you have in mind?

Nothing in particular.  We haven't had a release in a while so I hope 
everybody will run git head and keep an eye out for glitches, make sure their 
favorite toys work as expected, double check log files, etc...

> Any specific doc cleanup?

Our doc always seems to need work.

On my list was making sure it mentioned mssntpinfo.  When I took a quick look 
at the man page, I got distracted with multicast/broadcast stuff.

> Here are the open issues the caught my eye:
> https://gitlab.com/NTPsec/ntpsec/-/issues/806

I think we should fix that.  Or at least try.  It sounds like a bug in 
ntp_control.  I just tried rv xxx for some xxx that was a reasonable assid.  
It didn't print any garbage.  Anybody got a handy test case?

Looking at the code...
It fills a buffer with 8 " %.2f", then calls the routine that prints that as 
name=value.
That won't work with spaces in there -- well, maybe it will, but it depends on 
what the parser in ntpq does.  I'd expect it to call the routine that prints 
it as name="value".  But I don't know what ntpq is doing...  We should print 
that stuff in a nice table.


> https://gitlab.com/NTPsec/ntpsec/-/issues/802 (is this resolved with our
> latest FIPS changes, and do we have an environment to test it?) 

I think it is fixed.  I don't think we have any way to test it.
Google says maybe we can get CentOS into FIPS mode, but maybe that only works 
for a particular version of CentOS...


> Are we able to use our ntpq to probe *cast fields on other
> ntp daemons that support it? If so, leave it in.

If you point ntpq -p at a Mills/classic box, it might be configred with a 
*cast slot or a peer slot.  If so, our ntpq would print something in the t 
column that you can't get from our servers.

Plan 1 is to move the stuff I don't like to a footnote.

Plan 2 is to fix the codes in the t column to be sensible for our use.  The 
old use is "s" for symmetric (aka peer) and "u" for unicast (aka normal 
server).  I'd like to see "s" for server and "p" for a pool host.  (That would 
make the footnote a bit bigger.)  But "p" is already used for the pool slot.  
We could change that to P or people could notice the POOL in the refid slot.



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Time for a release?

[Hal Murray via devel]

The last time this was suggested, I encouraged waiting until we fixed mssntp.  
Well, I think we have it fixed but we haven't found anybody to test it.

So I think it's time to get ready for a release.

Time for lots of testing.  And documentation checking/cleanup.

Does anybody have any features that should or must go in or bugs we should fix?
(I haven't looked through issues yet.)


What is the policy on ntpq documentation?  We have tuned the code for use with 
our version of ntpd, but it still mostly(?) talks to the old Mills/classic 
version.  I noticed lots of references to multicast and broadcast in the man 
page.  We removed the code that supported that stuff ages ago.  The *cast 
references are now clutter if you are interested in our code, but might be 
relevant if you are looking at an old old system.  Should we leave the *cast 
documentation in or clean it out?

I have 3 hacks that were used to debug talking to Samba.  Is a subdir under 
attic a reasonable place for them?


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

[NNagain] Spam filtering

[Hal Murray via Nnagain]

[Was Amtrack]


> 2) I could get mad that I figure 80% of this new email list is vanishing into
> spam boxes.


> What of the 10s of thousands of other emails that have come over the years
> not just from lists.bufferbloat.net but from people trying honestly to
> communicate? 

There is/was a good discussion of all the good things that network geeks have 
done.

How about discussing the things they haven't done?

Spam would be pretty high on my list.  It's tangled up with (in)security -- a 
lot comes from infected systems or phished accounts.

The current approach to spam is cost shifting.  If you don't pay for your 
abuse desk, the crap that you send or phishing sites you host..., means that 
the rest of the net has to spend more on defense.

Anybody remember Spamford Wallace?  He was going to setup a spam friendly ISP. 
 Nobody would connect to him.  I wonder what would happen if a few ISPs that 
host a lot of abuse had  more troubles getting connected to the net.  Would a 
few well publicized examples be enough to spread the word?



High on my list would be dis/mis-information.  The business model seems to be 
to show customers things that will keep them online so you can show them more 
ads.  Gues what does that?

Is this also cost shifting?  It's society as a whole that has to pay for the 
disruption caused by bogus information.


-- 
These are my opinions.  I hate spam.



___
Nnagain mailing list
Nnagain@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/nnagain

Re: What's magic about /tmp/? ntpd can't find UNIX socket

[Hal Murray via devel]

Found it.  systemd sets up separate /tmp for some services.



Features/ServicesPrivateTmp
  https://fedoraproject.org/wiki/Features/ServicesPrivateTmp

Run some services started by systemd with a private /tmp directory. This would 
mitigate the chance of a service making a mistake with how it handles its /tmp 
data allowing a user on the system to get a privilege escalation, since users 
would not have access to the services /tmp directory.

Poking around finds these:
/var/tmp/systemd-private-2c3b3b4c2ab247d6818605b23cd9d8a8-ntpd.service-oWq0lA/t
mp
/tmp/systemd-private-2c3b3b4c2ab247d6818605b23cd9d8a8-ntpd.service-2VABCf/tmp

Both are empty.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: What's magic about /tmp/? ntpd can't find UNIX socket

[Hal Murray via devel]

matthew.sel...@twosigma.com said:
> Are you running ntpd with --jaildir (or -i) or some chroot-like
> functionality? 

Not that I know of.
Oct 18 23:17:42 hgm ntpd[16099]: INIT: Command line: /usr/local/sbin/ntpd -g 
-N -u ntp:ntp


But systemd might be doing something like that without telling me and/or it is 
telling me but I don't know where to look.



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: What's magic about /tmp/? ntpd can't find UNIX socket

[Hal Murray via devel]

Gary said:
> Notice the "nodev"?
> From "man chmod":
>nodev
>Do not interpret character or block special devices on the
>filesystem. 

It works fine from my test program.  What's different about ntpd?

Is a UNIX socket (fifo?) a special device?
When I see "device", I think of the stuff in /dev/



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: What's magic about /tmp/? ntpd can't find UNIX socket

[Hal Murray via devel]

devel@ntpsec.org said:
> Can you provide:
> ~ $ ls -ld /tmp drwxrwxrwt 12 root root 580 Oct 19 11:00 /tmp

srwxrwxrwx  1 murray murray   0 Oct 18 20:51 /tmp/fake-samba-socket/socket
drwxrwxrwx  2 ntpntp 60 Oct 18 20:51 /tmp/fake-samba-socket/
drwxrwxrwt 19 root   root   500 Oct 19 13:19 /tmp/

Changing the owner to ntp didn't make any difference.

> And:
>  ~ $ mount | fgrep /tmp tmpfs on /tmp type tmpfs (rw,nosuid,relatime,size=3D20
> 97152k) 

tmpfs on /tmp type tmpfs (rw,nosuid,nodev,nr_inodes=1048576,inode64)


We may be shooting ourselves in the foot.  There is a lot of stuff in 
ntp_sandbox.  When we droproot, we retain privs for setting the clock.  Is 
there a priv for accessing /tmp/?  I just scanned the list in the 
capabilities(7) man page and didn't see anything but I could easily have 
missed something.



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: What's magic about /tmp/? ntpd can't find UNIX socket

[Hal Murray via devel]

matthew.sel...@twosigma.com said:
> Are you using selinux or something that would prevent access to /tmp?

I have  selinux=0 and audit=0 on the kernel command line.

What sort of rule would keep ntpd from seeing /tmp/ and where would that sort 
of rule live?

Is this something from systemd?


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

What's magic about /tmp/? ntpd can't find UNIX socket

[Hal Murray via devel]

I'm working on MS-SNTP.  I have some hack programs that should help exercise 
all the code.  [We should have done this ages ago.]

I put James's patches into my server and tweaked the config.

I put the samba socket in /tmp/
ntpd couldn't see it.  My test programs work fine.

18 Oct 20:52:00 ntpd[5671]: SIGND: can not connect socket 
'/tmp/fake-samba-socket/socket': No such file or directory

What's magic about ntpd and /tmp/?
I'm running on Fedora.

It works when I move the socket to /home/murray/, but I was trying to keep my 
name out of it so somebody else could run my hacks without any edits.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Too many merge requests

[Hal Murray via devel]

James said:
> MR 1333 should address the issue where every response in an mssntp-restricted
> subnet gets lost in ntp_signd.

Is there any reason to approve it now when we don't know if it works yet?

Are all the changes inside an #ifdef?  (and thus unlikely to break normal 
operations)


> MR 1331 addresses several issues with ntpdig and MAC handling. 

I hate big python programs.  It would be nice if somebody else took a look at 
that one.


> MR 1325 holds lost patches.

What does "lost patches" mean.? If they are useful, it will be much easier to 
approve them if they are split up -- one problem will hold up the whole 
collection.

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: [NNagain] Internet Education for Non-technorati?

[Hal Murray via Nnagain]

Jack Haverty said:
> A few days ago I made some comments about the idea of "educating" the
> lawyers, politicians, and other smart, but not necessarily technically
> adept, decision makers.

That process might work.

Stanford has run programs on cyber security for congressional staffers.

From 2015:
Congressional Staffers Headed to Stanford for Cybersecurity Training
https://cisac.fsi.stanford.edu/news/congressional-staffers-headed-stanford-cybe
rsecurity-training



> Today I saw a news story about a recent FCC action, to mandate "nutrition
> labels" on Internet services offered by ISPs:

Is there a chicken-egg problem in this area?

Suppose I had a nutrition-label sort of spec for a retail ISP offering.  How 
would I know if an installation was meeting the specs?  That seems to need a 
way to collect data -- either stand alone programs or patches to existing 
programs like web browsers.

Would it make sense to work on those programs now?  How much could we learn if 
volunteers ran those programs and contributed data to a public data base?  How 
many volunteers would we need to get off the ground?


Could servers collect useful data?  Consider Zoom, YouTube, gmail, downloads 
for software updates...



-- 
These are my opinions.  I hate spam.



___
Nnagain mailing list
Nnagain@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/nnagain

[cas-user] Re: Repeated Errors with CAS Initializer

[Hal Deadman]

6.6.12 has been released and it is in maven central. The tag and release 
will show up in github.com/apereo/cas soon (4 weeks from 9/14). 

https://apereo.github.io/2023/09/14/oauth-vuln/
https://apereo.github.io/cas/developer/Sec-Vuln-Response.html#security-fixes
https://apereo.github.io/cas/developer/Sec-Vuln-Response.html#grace-period

On Thursday, October 5, 2023 at 9:12:43 AM UTC-4 Irons, Joseph R wrote:

> For several months I’ve had repeated issues with builds using the CAS 
> Initializer. Previously the below command would build fine
>
>  
>
> curl https://casinit.herokuapp.com/starter.tgz -d type=cas-overlay -d 
> casVersion="XXX" -d dependencies="XXX" | tar -xzvf -
>
>  
>
> Replacing the version number and dependencies. However now I consistently 
> run into the following
>
>  
>
>- Latest version is not available. For example currently Releases · 
>apereo/cas (github.com)  shows 
>the latest version of 6.X as 6.6.11, however curl  
>https://casinit.herokuapp.com/actuator/supportedVersions shows that 
>version isn’t available and instead lists 6.6.12.
>- When running the above curl without any dependencies the build will 
>complete however adding dependencies causes it to fail to download
>
> % Total% Received % Xferd  Average Speed   TimeTime Time  
> Current
>
>  Dload  Upload   Total   SpentLeft  
> Speed
>
> 100   1620   102  10060368216 --:--:-- --:--:-- --:--:--   
> 369
>
>  
>
> gzip: stdin: not in gzip format
>
> tar: Child returned status 1
>
> tar: Error is not recoverable: exiting now
>
>  
>
> I’ve tried running a local docker instance of the initializer however that 
> has its own issues ranging from showing completely different versions to 
> dependencies either failing to download or showing version mismatches.
>
>  
>
> Does anyone have a way to get the initializer to correctly download the 
> latest 6.X build with dependencies?
>
>  
>
> Thanks
>
>  
>
> Joe
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/c7144959-fd9c-46a5-9706-ce7351ceb238n%40apereo.org.

Re: mssntp option breaking time service: tester(s) wanted

[Hal Murray via devel]

Google found this:

[MS-SNTP]: Network Time Protocol (NTP) Authentication Extensions
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-sntp/8106cb73-
ab3a-4542-8bc8-784dd32031cc

Which links to:

[MS-SNTP]:
Network Time Protocol (NTP) Authentication Extensions
https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-SNTP/
%5bMS-SNTP%5d.pdf
54 pages.

It has lots of details, but I've only skimmed it.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: mssntp option breaking time service: tester(s) wanted

[Hal Murray via devel]

Does anybody have details on how MSSNTP signing works?

If we can find that, we can write some POSIX code to test things.

There is a link in ntpd/ntp_signd.c
  http://msdn.microsoft.com/en-us/library/cc212930.aspx
But I didn't find anything interesting there.  (Maybe my browser was filtering 
something.)

We still need to test with real Windows at least once to make sure our test 
code does the right thing.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: tex2LyX error

[Hal Kierstead via lyx-users]

Scott -

This took me a while because of working with two apps.

Here are a Latex file 

MWE.tex
Description: Binary data
and what LyX imports 

MWE.lyx
Description: Binary data
. The Lyx file is too short. Also it does not compile because of an extra brace 
related to the equation. If you erase the brace everything works. In particular 
we get the whole LyX file.

I can understand that we may get some Latex errors from the importing process, 
but why do we lose text in the LyX file?

Hal

> On Sep 29, 2023, at 8:46 AM, Scott Kostyshak  wrote:
> 
> On Fri, Sep 29, 2023 at 08:28:31AM -0700, Hal Kierstead via lyx-users wrote:
>> All - 
>> 
>> I have a 1227 line LaTeX file that compiles fine. I would like to import it 
>> into LyX 2.3.7. Every time I try the import ends at line 543. This is just 
>> before an \end{proof}. After adding the missing \end{proof} the shortened 
>> LyX file works fine. 
>> 
>> I have tried importing other LaTeX files without problems. I have also tried 
>> restarting LyX. What could be happening?
> 
> Could you please make a minimal example .tex file?
> 
> Thanks,
> Scott
> -- 
> lyx-users mailing list
> lyx-users@lists.lyx.org
> http://lists.lyx.org/mailman/listinfo/lyx-users

-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

tex2LyX error

[Hal Kierstead via lyx-users]

All - 

I have a 1227 line LaTeX file that compiles fine. I would like to import it 
into LyX 2.3.7. Every time I try the import ends at line 543. This is just 
before an \end{proof}. After adding the missing \end{proof} the shortened LyX 
file works fine. 

I have tried importing other LaTeX files without problems. I have also tried 
restarting LyX. What could be happening?

Thanks,

Hal
-- 
lyx-users mailing list
lyx-users@lists.lyx.org
http://lists.lyx.org/mailman/listinfo/lyx-users

Re: I just pushed ntsstats and ntskestats

[Hal Murray via devel]

> After glancing at the tops and bottoms fo some of the HTML docs, I think I
> have some issues to correct.

I think the last line of the man pages used to have the version number.  I'm 
not seeing that now.

Is that because I'm doing something special to get the date in the version 
string ( --build-desc=xxx to waf) or did that fall throug the cracks somehow?  
(Or was it my imagination?)



-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: I just pushed ntsstats and ntskestats

[Hal Murray via devel]

>I am willing to break out some instant expert credentials on this until
>someone better shows up. 

Thanks.

>I will take a look at it. Would you like a single or double-line 'box' 

I have a slight preference for double, but it doesn't really matter.

I've seen some example with double on the left bar and single on the 
top/bottom.
That was probably the web version.

--

I thought I send in an Issue but can't find it...

Please check the bottom few lines on the man pages.  At least one of them 
didn't get updated to use our trailer stuff and still has the Mills version.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

I just pushed ntsstats and ntskestats

[Hal Murray via devel]

There was a request for ntpviz to show NTS traffic.  We now have the log files 
to make that possible.

Any documentation wizards?

Please look at the indentation around the info for the *stats options in both 
the man page for ntp.conf and the html pages for ntp_conf and monopt.

The web pages have a box around the sample lines for the log file.  That's 
missing from the man pages.

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Testing -4 and -6

[Hal Murray via devel]

Does anybody have a recipe (or pointer to one) for how to get a system running 
without any IPv6?

I want something such that isc_net_probeipv6_bool() will return false.

Do we have to build our own kernel with some config variable turned off?
Or will just not configuring any IPv6 interfaces be good enough?

Same for IPv4.

The code for isc_net_probeipv6_bool is slightly different from that for 
isc_net_probeipv4_bool.  I didn't go down that rathole.  It looks like 
somebody may be assuming that some or all of IPv4 always exists.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Tangle with -4 and -6

[Hal Murray via devel]

-4 and -6 work on the server line in ntp.conf but are not documented

-4/ipv4 and -6/ipv6 "work" on the command line, but they don't do what the 
documentation says.  The man page says:
   Force DNS resolution of following host names on the command line to
   the IPv4 namespace.
What they do is turn off setting up sockets for the other protocol.

I'm not sure what the NTS server does if, say, the system doesn't support IPv6 
when it tries to listen on an IPv6 address.

--

The network side sets up two flags: ipv4_works and ipv6_works
The command line -4 and -6 flags turn off the other _works flag.

I wrote the DNS code for both server/pool and NTS.  I don't remember how the 
-4/-6 options work (and a quick look didn't refresh my memory).  I don't 
remember ever checking the above flags or thinking about doing it.

Note that there are 2 DNS lookups on the NTS path, one for the NTS-KE server 
and another if the server returns a name/address rather than using the default 
of the same address as was used for the NTS-KE lookup.

I'm pretty sure the command line processing doesn't do any DNS lookups.
It roughly adds a server line, and does a DNS lookup with the constant-only 
(no net traffic) flag so that slot won't get delayed behing a real DNS lookup 
that is skow.

--

I think we should clean up this area.  That includes:

Making sure DNS lookups don't use an address for a disabled protocol.

Add enable/disable -4/ipv4 -6/ipv6 to ntp.conf
Note that these will have a backwards meaning from the -4 on the command line.
  -4 on the command line <=> disable -6


Does this make sense?
Am I missing anything?

This will take a lot of testing.



We should move the command line code in config_peers to that checks for a 
numeric address to the main processing loop.
 

-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Windows time scrambling (from the TZ list)

[Hal Murray via devel]

"Windows feature that resets system clocks based on random data is wreaking
havoc."

https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clo
cks-based-on-random-data-is-wreaking-havoc/




-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Go GC

[Hal Murray via devel]

Gary said:
> Avoiding creating garbage is hard.

In general, yes.  But the inner loop of the server side is not very 
complicated.

The APIs that I'm looking at are read-into-my-buffer rather than return a new 
buffer that needs to be GCed.

I think it's worth some effort to investigate this area.  I'm prepared to give 
up if we find a fatal problem.  Again, I'm assuming that we split ntpd into 
client and server parts so all we have to work on is the server half.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Go GC

[Hal Murray via devel]

Gary said:
>James Browning via devel  wrote:
>> It would appear there is a way to turn off GC under runtime/,
> How?  Link? 

https://pkg.go.dev/runtime/debug#SetGCPercent

It's not clear to me how to take advantage of that.  You still have to turn it 
on occasionally or your world will fill up with garbage.

I poked around a bit.  I'm pretty sure that we can write a server that doesn't 
generate any garbage when processing a normal client request.  The APIs for 
recvmsg/sendto don't allocate anything.  If we split ntpd into client side and 
server side, I think we can write the server code such that the GC never runs. 
 Or maybe never needs to run and we have to explicitly tell it not to bother 
trying.

Logging stuff would probably generate garbage.  The server side doesn't need 
to do that.


Gary said:
> Hal said:
>> There are lots of ways to inject timing bumps before we get to
>> garbage collecting.  cache, scheduler, interrupts, CPU speed, ...
> Any that work? 

What do you mean by "work"?

I don't know how to avoid any of the above.  Note that there are 2 levels of 
interrupt.  The firmware steals a few cycles every now and then for things 
that it doesn't trust the OS to get right.  The main example is checking the 
temperature and turning the CPU clock down if things are too hot.

Then there are interrupts that get passed to the OS.  You can fight that 
somewhat by manually assigning work to CPUs.  But the scheduler still has to 
run occasionally and if your workload doesn't use the whole CPU, that CPU is 
likely to slow down when you are waiting for work.

I did a bit of hacking with attic/clocks.c
On this machine, the average time to read the clock is 13 ns.
Within a burst of a million samples, there is usually a few in the 10-15 
microsecond range.

Occasinally, there is something in the 60-70 microseconds range.  They are 
rare enough that it's easy to miss one in a million sample pairs of reading 
the clock.

Slowest from each batch of 100...
  11331  18540  11282  11341  11306  11311  11307  11316  11307  11322
  16188  14920  11322  11293  13337  13025  32270  11352  21706  11313
  32463  22764  11812  11308  11319  60664  11301  14530  20428  11319
  14973  11308  11287  14181  13127  11320  11298  11312  12053  15081
  17762  17329  11279  12430  11299  16946  14470  14745  13816  11323
Slowest was 60664

Histogram: CLOCK_REALTIME, 1 ns per bucket, 100 samples.
ns  hits
10  6646
11124028
12410522
13229036
14177996
15 48724
16   259
17   535
18  1430
19   585
2070
2124
2214
2313
2410
59 samples were bigger than 24.

Histogram: CLOCK_REALTIME, 250 ns per bucket, 100 samples.
ns  hits
 049
  2250 2
  3250 1
  3500 3
  3750 3
  4000 1
  8250 1
  8500 1
  875020
  9000 1
  9250 1
 10250 1
 11000 9
 11250 4
 13250 1
2 samples were bigger than 13250.
Slowest was 14424.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Is python2 dead?

[Hal Murray via devel]

Gary said:
> Please, no.  Go is a garbage collected language.  Just what NTPsec does not
> need, random, unpredictable delays. 

I was thinking of the Python code in ntpclients/ and pylib/
Is there anything in there that is time sensitive?

There are lots of ways to inject timing bumps before we get to garbage 
collecting.  cache, scheduler, interrupts, CPU speed, ...

Do you have any data on Go GC times?


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Is python2 dead?

[Hal Murray via devel]

Thanks.

Maybe it's time to switch to Go?

How long would it take us to rewrite, from scratch, everything in ntpclients?

I occasionally poke around in ntpq.  I find it very hard to work with.  I 
think the others are much simpler.

Is the basic structure right?  If we were starting from scratch, what would 
pylib look like?


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Re: Is python2 dead?

[Hal Murray via devel]

Gary said:
> Let's try again in a year. 

Sounds good to me.


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel

Is python2 dead?

[Hal Murray via devel]

Really really dead?  Or maybe just hiding in some dark corner?

Should we drop support for python2 as part of the next release?
Or announce in the next release that we will drop it as part of the following 
release?


-- 
These are my opinions.  I hate spam.



___
devel mailing list
devel@ntpsec.org
https://lists.ntpsec.org/mailman/listinfo/devel