Am 20.12.2014 um 16:41 schrieb Philip Gladstone: > > > There appear to be >3 million exposed NTP servers on the internet.
Exactly that's the point. And it looks like this will continue to be. Due to a developer's ego trip. As far as I know all major releases ship with 4.2.6. This might be outdated, 4.2.7 or even .8 might be better, cheaper, friendlier to the environment - I dare to say that the vast majority of ntpd admins are running the (public) time serversas a side project of a side project of a tertiary installation. Telling these people "there's something wrong, I do not care to make it possible for your distros to fix it in time, just compile my new world-saving version, even if you probably have to find out what the hell else you have to install and how to configure this new beast" does not help much. Because: - remember the "side project"? I can't just mess up whole servers which happen to run ntpd as one relatively unimportant service together with many much more important one just to try: What else may break? - many system administrators are not programmers. If errors during compile time do not tell you anything this does not mean you're bad at your job: That's why you use a well known and supported distribution and do not build your kernel and userland yourself. - It may or may not be feasible for the big distributors to kill the whole problem with manpower. But if they do not, there's nothing the "default admin" can do against it (even if he could technically he may not be allowed to by policy). And in this situation s-o shows up and, in a remarkably aggressive notion, tells people "if you're not just grateful for what I did and do as I tell you then you're a whining idiot, it's your fault that I'm not paid enough foir my work!" Honestly, this remembers me a lot about "discussions" with Mr. Poettering or Mr. Schily - is this kind of treating everyone who does not wave fan flags for you some kind of new business style I missed? But I have to do something. Maybe, but better safe than sorry. And as I do not fear many "evil haxors" from inside our networks, I closed down our firewalls for NTP with the outside world - we're running a stratum 0 source of our own so this does not affect our business. Unfortunately this will mean: No public ntp servers from us anymore. It was nice as long as it lasted. _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
