Vào CN, 8 thg 3, 2026 vào lúc 19:14 Crystal Kolipe <[email protected]> đã viết: > > On Sun, Mar 08, 2026 at 12:49:30PM +0100, Peter N. M. Hansteen wrote: > > On Sun, Mar 08, 2026 at 11:44:15AM +0000, hmjsp wrote: > > > disable ntpd? why? > > > > See https://marc.info/?l=openbsd-bugs&m=177296357231841&w=2 > > Just to make it clear to anyone reading the archives in the future, the > suggestion to disable ntpd was a joke and a form of irony. > > Unfortunately the original two messages were posted to different lists, (-bugs > and -misc), so it's entirely possible that this could be missed by casual > readers of just one list. > > There is _no serious suggestion_ to disable ntpd. >
You are their friend and have met them face to face? I will provide some context about the suggestion to disable NTP. It is possible that [email protected] came from one of the following ``privacy security'' communities (most suspected first) - GrapheneOS (Hardened Android with a Hardened Linux Kernel) - Madaidan's Insecurity (https://madaidans-insecurities.github.io) - privsec.dev (Systemd Lovers and Kernel Hardener) - Secureblue (Fedora Lovers, Kernel Hardener and Chromium Hardener) - isopenbsdsecu.re (Is Open BSD Secure) - PrivacyGuides - CalyxOS - Techlore - ... The first 4 communities agreed that NTP is not secure: > The most popular time synchronisation method, NTP, is insecure, > as it is unencrypted and unauthenticated, allowing an attacker to > trivially intercept and modify requests. NTP also leaks your local > system time in NTP timestamp format, which can be used for > clock skew fingerprinting, as briefly mentioned before. And they came up with this solution: > Thus, you should uninstall any NTP clients and disable > systemd-timesyncd if it is in use. > Instead of NTP, you can connect to a trusted website over a > secure connection (HTTPS or, preferably, a Tor onion service) > and extract the current time from the HTTP header (madaidan's insecurity) bios_23498234908, I suggest we to create a C study group (or any programming language) and help each other motivated. Do you know that Tommy (the owner of privsec.dev, who made a long post about linux hardening, F-Droid security analysis, etc) **haven't written a single line of code**, but can still talk about encryption, security and hardening all the days?
