Re: Using Go for NTPsec
Hal, on the Rust v Go issue. I am speaking as a consumer of your code, who builds from source. There is talk on the LKML, about adding Rust as an allowed language. There seems to be no objection in principle, work is proceeding. Much of my knowledge of Rust is from those threads, The issue I have is that each time you add code, or James refactors to fix bugs, there might be an implicit, untracked, bump in the rustc version required. Although Fedora may be able to keep up, debian-backports, or anything but the latest Ubuntu, and certainly Solaris, would remain stuck at earlier ntpsec versions, because the toolchain is not available or upgradable. I know the vast majority (99%?) of all ntpsec install come from distros, so it is not like the pain will be widely felt, but it *would* be felt. What do our RPM and DEB packagers think? Which language/environment could you tolerate? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Using Go for NTPsec
This is output from my 17 year old server, i386, 32-bit, no TXCO, cheap hardware, sitting in an airconditioned office where staff keep fiddling with the thermostat (the large unit is 20 years old, so you are either cold or very cold). root@ntpmon:~# uptime 10:20:02 up 14 days, 9:33, 1 user, load average: 0.04, 0.03, 0.00 root@ntpmon:~# ntpq -pnu remote refid st t when poll reach delay offset jitter === *SHM(1) .PPS.0 l 93 64 376 0ns -5.526us 5.343us -SHM(0) .GPS.0 l 27 64 377 0ns 74.723ms 63.766ms -2604:a880:1:20::17:5001 64.142.122.372 86 64 377 190.57ms 964.59us 157.85us -2a03:b0c0:1:d0::1f9:f001193.62.22.74 2 8 54 64 377 229.74ms 2.4097ms 177.81us -2a00:d78:0:712:94:198:159:11192.87.36.4 2 8 32 64 377 195.16ms 13.216ms 117.49us -2606:4700:f1::1 10.23.8.43 8 53 64 377 38.222ms -2.133ms 199.36us +2403:5000:171:11::2 .MRS.1 u 36 64 377 38.352ms 591.67us 71.542us 2404:e800:3:300:218:186:3:36.STEP. 16 u- 1024 0 0ns 0ns477ns +118.143.17.82 .MRS.1 u 59 64 377 36.238ms -1.341ms 26.321us -193.204.114.231 .CTD.1 u 54 64 357 255.54ms 40.967ms 63.054us 131.107.13.100 .STEP. 16 u- 1024 0 0ns 0ns477ns root@ntpmon:~# 2604:a880:1:20::17:5001 is ntp1.glypnod.com. 2403:5000:171:11::2 is in Hong Kong. If I can get this on crap hardware, poorly maintained and tuned, on the other end of the world from glypnod.com , I assume there is low-hanging fruit still possible. Letting Hal or Gary near it should push it to 100us, I assume. PS: My official reason for not using newer hardware is "I am making sure NTPsec and gpsd do not drop support for i386". :-) -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Using Go for NTPsec
This is a follow on to Eric's email a few hours ago, I am keeping that thread clean. (The last 3GL I programmed in was Fortran, and not the 77 version. I can read bash scripts and C pseudo-code) The literature I can find speaks of Go GC being improved in 1.5, such that the STW phase (the "sweep") is now less than 1ms. This is impressive, but for NTP, this places a lower bound on our jitter. What am I missing? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Fedora 34 ships with ntpsec
Hi, Fedora 34 has shipped. Among other changes, ntpsec replaces ntpd during an upgrade. https://fedoraproject.org/wiki/Releases/34/ChangeSet#ntp_replacement https://fedoraproject.org/wiki/Changes/NtpReplacement Thanks, Miroslav. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Threads
Hal, newbie question. What use case on the internet would be saturating a Gb link with NTP? Surely, before that, we should be recommending a second server closer to the clients? Assume a large University campus, with 3 nodes (5k students, each with a tablet and phone, etc). Assume all nodes (including the IOT coffee maker) run an NTP client. With a poll of 100 secs (to make life easier), that is 3000 pkts/s . I have an ancient Pentium 4, from 2005 or earlier. 4GB RAM, 32-bit. ntp -n -c monlist says 67000 slots. It is in the pool, since 2009 or so. CPU load is 1% on each core, except when I run updates, etc. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Wed, Apr 7, 2021 at 12:43 PM Hal Murray via devel wrote: > > There are 4 places that might be the limiting factor. > > 1) The wire might be full > 2) The Ethernet chip might not be able to process packets at full wire > speed. > 3) The kernel's input dispatcher thread might run out of CPU cycles. > 4) The client threads might run out of CPU cycles. > > I don't have a good setup to demonstrate the Ethernet chip being the > limiting > factor. I could probably make one by plugging in a junk card. The > gigabit > chips that come on Dell motherboards are OK. They can get close to full > wire > speed, close enough that I'm missing under 100 bits between packets. > > The other limits are reasonably easy to demo. > > I have a box with an Intel E5-1650v3. It has 6 cores at 3.5 MHz. With > HyperThreading, that's 12 CPUs. > > My standard test setup is an echo server. The kernel SoftIRQ thread gets > one > CPU. The other half of that core is left idle. There is an echo server > thread on each of the other 10 CPUs. > > Measured NTP throughput: > pkts/sec uSec/pkt >426K 2.3NTP (simple) 48 bytes >320K 3.1NTP + AES 68 bytes > 93K 10.7NTP + NTS232 bytes > > The wire limit for NTP+NTS (232 UDP bytes) is 407K packets per second. > That's > 2.5 uSec per packet. With 10 CPUs, we have 25 uSec per packet. We only > need > 11 so this processor chip should be able to keep up with a gigabit link > running at full speed. > > Note that a workstation with 4 cores can probably keep up. That leaves 6 > worker threads so we only get 15 uSec of CPU time for each packet, but > that's > still more than 11. I don't know how much running both CPUs of a core > will > slow things down. We'll have to wait and measure that. > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: GitLab | Projects forced to "Private" (#294196)
As of 20 minutes ago, I can now pull from the repository unauthenticated. On Fri, 18 Dec 2020, 8:21 am Eric S. Raymond, wrote: > Neustifter Andreas : > > Hi, > > > > I have searched for similar incidents (e.g. > https://gitlab.com/gitlab-com/gl-infra/infrastructure/-/issues/6022) > which lead me to the Issue tracker for the GitLab DevOps at > https://gitlab.com/gitlab-com/gl-infra/production. They seem pretty > responsive you can try your luck there? > > Thanks for bringing this tracker to our attention. We had beenn looking > for a good place > to report the problem and not previously found one. > > I have opened an issue there: > > https://gitlab.com/gitlab-com/gl-infra/production/-/issues/3210 > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > > > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Blizard of mail from GitLab-Abuse-Automation
Ah, so not my fault. I tried updating my fork about 11 hours ago, and was to authenticate to pull from the NTPsec git repo. I tried with another repo, it worked, so I assumed one of us was modifying the security settings of the repo. On Thu, 17 Dec 2020, 7:38 am James Browning via devel, wrote: > On Wed, Dec 16, 2020 at 12:40 PM Richard Laager via devel < > devel@ntpsec.org> wrote: > >> GitLab Abuse folks: >> >> A user (bot?) named @GitLab-Abuse-Automation closed a bunch of >> legitimate NTPsec merge requests: >> >> >> :::snip list of merge requests::: > >> >> >> Worse, I (@rlaager) seem to be unable to reopen the MRs, so I can't fix >> this. For example, I tried reopening these two: >> https://gitlab.com/NTPsec/www/-/merge_requests/33 >> https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1091 >> >> >> Can you help? >> >> >> Other NTPsec developers are confused too: >> >> On 12/16/20 12:06 PM, Hal Murray via devel wrote: >> > Can somebody tell me/us what happened? Why? ... >> >> On 12/16/20 2:04 PM, James Browning via devel wrote: >> > My guess is that GitLab deployed a new bot and it (probably) somewhat >> > overzealously closed almost all of the merge requests. >> > > After looking at it a little more it appears that something temporarily > disconnected several forked projects and during the disconnect, a perfectly > routine bot noticed the projects were 'gone' but did not notice when they > 'came back'. As a result, the merge requests can not be reopened as the > projects of the source branches are 'gone'. > > I am probably wrong about this too. > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Runtime testing, What's the CI environment like?
On Sun, Sep 6, 2020 at 11:13 PM James Browning via devel wrote: > On Fri, Sep 4, 2020 at 3:59 PM Hal Murray via devel > wrote: > > Can we run ntpd long enough to test the initialization and much of the > other code? > > Possibly, but to test some of the code paths (NTS) would take about a > day. Who wants to donate machine time for the runner? > I could set up a VM farm, a dozen low-power machines with a mix of Linux and BSDs. Basically a large VMWare, and we can cut machines at need. I can commit to IPv4/IPv6, a nearby GPSd, etc. And when I say "I can setup", I mean I can provide the infrastructure, someone else will have to setup or talk me through the setup :-) -- Sanjeev ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
[no subject]
Ian, please see this, in ntpsnmpd.py if source == ntp.control.CTL_SST_TS_UNSPEC: mode = 2 # Not yet synced elif False: mode = 3 # No reference configured elif source == ntp.control.CTL_SST_TS_LOCAL: mode = 4 # Distributing local clock (low accuracy) elif source in (ntp.control.CTL_SST_TS_ATOM, ntp.control.CTL_SST_TS_LF, ntp.control.CTL_SST_TS_HF, ntp.control.CTL_SST_TS_UHF): # I am not sure if I should be including the radios in this mode = 5 # Synced to local refclock elif source == ntp.control.CTL_SST_TS_NTP: # Should this include "other"? That covers things like chrony... mode = 6 # Sync to remote NTP else: mode = 99 # Unknown return mode lgtm claims that mode = 3 line is unreachable. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Pre-release cleanup
They support *any* git repository. Please see: https://lgtm.com/projects/g/ntpsec/ntpsec/?mode=list -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: NTS-KE client side now defaults to port 4460
On Sat, Jul 11, 2020 at 10:56 AM Hal Murray via devel wrote: > > It's still listening on both 123 and 4460 > > I want to remove listening on 123 right before Mark releases 1.2.0 > Hal, why wait till just before the release? Switch the code now, so that the NTPsec testers can remind each other to rewrite config files (if required). -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: ntpd Certificate Loading
Hal, I have solved the issue for now, by changing the group of the live/and archive/ directories in /etc/letsencrypt to ntp,and giving the group read permissions. root@ntpmon:/etc/letsencrypt# ls -l total 36 drwx-- 4 root root 4096 Oct 21 2018 accounts drwxr-x--- 3 root ntp 4096 Jan 17 2016 archive -rw-r--r-- 1 root root 121 Jan 10 2018 cli.ini drwxr-xr-x 2 root root 4096 May 9 09:39 csr drwx-- 2 root root 4096 May 9 09:39 keys drwxr-x--- 3 root ntp 4096 Jan 17 2016 live -rw-r--r-- 1 root root 924 May 9 09:39 options-ssl-apache.conf drwxr-xr-x 2 root root 4096 May 9 09:39 renewal drwxr-xr-x 5 root root 4096 Oct 21 2017 renewal-hooks We need to add this to the NTS Howto. Let me draft some language. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Tue, Jun 9, 2020 at 12:23 PM Hal Murray wrote: > > Which causes ntpd to fail on startup (I assume after dropping root): > > Looks like you are dying trying to read the certificate. It will get > worse > when you want to read the key. > > -- > > Do you trust user ntp? If so, the fix is to change ownership. I copy the > cert and key over to /etc/ntp/ and change to user ntp:ntp > > > If not, things get complicated. The current code will reload the > certificate > if it is updated. Are you willing to give that up? If so, we can add an > option to read the certificate before dropping root and disable trying to > reload. That probably won't work with early drop root. > > > -- > These are my opinions. I hate spam. > > > > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: ntpd Certificate Loading
On Tue, Jun 9, 2020 at 12:23 PM Hal Murray wrote: > > Which causes ntpd to fail on startup (I assume after dropping root): > > Looks like you are dying trying to read the certificate. It will get > worse > when you want to read the key. > > -- > > Do you trust user ntp? If so, the fix is to change ownership. I copy the > cert and key over to /etc/ntp/ and change to user ntp:ntp > I trust user ntp , it is the only user on this system, but this is a special case :-) But then I lose the automatic rotation :-( > If not, things get complicated. The current code will reload the > certificate > if it is updated. Are you willing to give that up? > If so, we can add an > option to read the certificate before dropping root and disable trying to > reload. That probably won't work with early drop root. > No, I want it reloaded, as LE has short-life Certs. I can handle my case (NTPsec is rebuilt often, and the build command I use can copy over the Cert), but what is the general case we should handle? I would like to use LE. Issue LE certs specifically for NTP? But then how is this going to be validated (NTP has no web server, and no hooks to run certbot). I thought with Open Source I could get anything I wanted, for free, and NOW! At least that is what ESR promised me in his CATB book (the way I recall it). :-) -- Sanjeev ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: ntpd Certificate Loading
(git commit 892fbb435e71349da502b7e2436648f52a09af6f ) Hal, I have the other end of the stick now. My LetsEncrypt certificate path is /etc/letsencrypt/archive/ntpmon.dcs1.biz/ The file: -rw-r--r-- 1 root root 3558 May 9 09:39 fullchain28.pem However, root@ntpmon:/etc/letsencrypt# ls -dl /etc/letsencrypt/archive/ drwx-- 3 root root 4096 Jan 17 2016 /etc/letsencrypt/archive/ Which causes ntpd to fail on startup (I assume after dropping root): 2020-06-09T11:15:58 ntpd[15250]: INIT: OpenSSL 1.1.1g 21 Apr 2020, 1010107f 2020-06-09T11:15:58 ntpd[15250]: NTSs: starting NTS-KE server listening on port 4460 2020-06-09T11:15:58 ntpd[15250]: NTSs: OpenSSL security level is 2 2020-06-09T11:15:58 ntpd[15250]: NTSs: starting NTS-KE server listening on old port 123 2020-06-09T11:15:58 ntpd[15250]: NTSs: listen4 worked 2020-06-09T11:15:58 ntpd[15250]: NTSs: listen6 worked 2020-06-09T11:15:58 ntpd[15250]: NTSs: starting NTS-KE server listening on port 4460 2020-06-09T11:15:58 ntpd[15250]: NTSs: listen4 worked 2020-06-09T11:15:58 ntpd[15250]: NTSs: listen6 worked 2020-06-09T11:15:58 ntpd[15250]: NTSc: Using system default root certificates. 2020-06-09T11:15:58 ntpd[15250]: NTSs: can't stat certificate (chain) from /etc/letsencrypt/live/ntpmon.dcs1.biz/fullchain.pem: Permission denied 2020-06-09T11:15:58 ntpd[15250]: NTS: troubles during init2. Bailing. 2020-06-09T11:15:58 ntpd[15250]: PROTO: 0.0.0.0 c01d 0d kern kernel time sync disabled Um, what do I do? I want to use LE, I want that directory secure, and I want to drop root. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Wed, Apr 8, 2020 at 12:16 AM Richard Laager via devel wrote: > ntpd seems to load the TLS certificate and key before dropping > privileges. Unfortunately, when it tries to *reload* the certificate > later, it has dropped privileges and fails. This is a bit of a trap, as > a sysadmin can think a setup is working when it isn't. (This bit me.) I > think it would be better to do the initial load after dropping > privileges so that it is consistent with reloading. > > -- > Richard > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: thinking of tagging 1.2.0 for when NTS is officially official.
On Sun, May 31, 2020 at 5:51 AM Hal Murray via devel wrote: > I'm expecting there will be a new port number assigned for the KE server. > Step 1 will be to listen on both old and new port # > Step 2 is to switch the client side to default to the new port #. > Step 3 is to stop listening on the old port #. > > I'm thinking a day or two between steps. > We could complicate things with some conf options. > Hal, are we talking of the ntske port, 4460/tcp ? As I understand it, NTS requires an out-of-band pre-arrangement. It makes no sense for me to probe random IP addresses for an NTS server to use, why would I trust this? So there would be an existing channel between the operator and users of the NTS system. I am still trying to work out the Principle of Least Surprise here, but I think discoverability part is not required, only the fixing of the (current) configurations. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: the MSNTP feature and author, Andrew Bartlett
On Mon, May 25, 2020 at 12:56 PM Hal Murray via devel wrote: > The code is still there. I don't know if it works or anybody uses it. > > I don't see any mention of it in NEWS. Do you have a line number? > git show 0a46b8bbcd bottom of docs/ntpsec.adoc My apologies, I misread the line. You are right, the code was not removed. I assume there are no reporting users? Would a blog entry help, in eliciting response? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: the MSNTP feature and author, Andrew Bartlett
Andrew, Daniel, I am trying to track down if MS-SNTP support was added back, and if it is supported. We have an entry in the news file, about removal, but none on addition. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Wed, Jan 18, 2017 at 3:32 AM Andrew Bartlett wrote: > On Wed, 2017-01-18 at 02:47 +0800, Sanjeev Gupta wrote: > > > > On Wed, Jan 18, 2017 at 12:45 AM, Daniel Franke > > wrote: > > > Start me with: > > > > > > 1. A Linux box running Samba and NTP Classic and configured to > > > behave > > > as an MS-SNTP server. > > > > > > 2. A Windows box configured to speak MS-SNTP as a client of said > > > Linux box. > > > > > > > I have setup the two boxes, now to read up on how to setup Samba4 as > > a PDC. > > These links will help a lot: > > > https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller > https://wiki.samba.org/index.php/Time_Synchronisation > > Sadly I never wrote client tests for the protocol as part of our Samba > testsuite, which was a serious omission. > > (Yes, the other mail went to a misspelling of my work address, which is > what I gave Mark on my business card. This is the correct address for > this kind of discussion). > > I hope this helps, and thankyou for taking this seriously! > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT > http://catalyst.net.nz/services/samba > > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Copyright years in source code
(cc: to devel@ntpsec) Hi, Over at the NTPsec project (whose developer community intersects with gpsd's) they have scrubbed the Copyright Year from the "Form of Notice". eg: -* Copyright (c) University of Delaware 1992-2015 * +* Copyright University of Delaware* and - * Copyright (c) 1997-2005 by Frank Kardel ntp.org> - * Copyright 2015 by the NTPsec project contributors + * Copyright Frank Kardel ntp.org> + * Copyright the NTPsec project contributors The discussion is here: https://lists.ntpsec.org/pipermail/devel/2020-February/009154.html I have been researching this issue, and I have been unable to find any chinks in Mark Atwood's (short) argument in favour. Further factors: - As GitLab and gpsd.io are both in the USA, the Berne Convention designates the US as the "Country of Origin". - The US Copyright Office is clear that for works after 1989, the Notice of Copyright is optional, and not required. It does give examples of what the Form should be. - 178 countries are signatories to the Berne Convention, and both the UCC and the BAC are effectively obsolete - For the dozen-odd countries who are not signatories, they are members of WTO, which requires acceptance of Berne. I can think of one reason to keep the years, it enables me to look at a document and see if it was last revised this year or 10 years ago. But since this is visible only in the source (the man pages and web pages are rebuilt fresh), and since anyone with source would be able to do a 'git log' or 'git blame', I am not sure is this is a concern. If there is no objection, I would like to scrub out the years from the Form of Copyright. This will be manual, not scripted, to ensure that names and emails do not get mangled. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: BSD-4-Clause-UC license usage
Hal, I have sent in a MR, https://gitlab.com/NTPsec/ntpsec/-/merge_requests/1121 for your review. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Thu, Apr 30, 2020 at 3:21 PM Hal Murray via devel wrote: > > devel@ntpsec.org said: > > Much our of NTS code uses BSD-4-Clause-UC instead of BSD-2-Clause (our > > preferred license for new code). > > > What this license selection intentional? > > No. I just copied something from somewhere. > > > Is BSD-4-Clause-UC intended for code owned by the University of > California, > > or does it make sense for others to use this license as well? > > I wrote all the NTS code. It's ours. Please fix, or tell me what to fix. > > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
A problem with Pivot Years
https://www.zdnet.com/article/the-y2k-bug-is-back-causing-headaches-for-developers-again/ "Say you are an institution founded in 1920. It is safe to assume that you are not sitting on any information dated from before then; and so, in the double-digit date-recording system, "20" becomes your pivot year. This means that data containing a two-digit year between "00-20" will be treated as post-2000, while years between 20-99 will be interpreted as referring to the previous century. " -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: cloudflare refers NTS users to wrong page
Merge Request submitted. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Tue, Dec 10, 2019 at 10:13 AM Sanjeev Gupta wrote: > I will do that, and re-read Quick-NTS (which was written early on). > > -- > Sanjeev Gupta > +65 98551208 http://www.linkedin.com/in/ghane > > > On Tue, Dec 10, 2019 at 7:22 AM Hal Murray via devel > wrote: > >> >> > links to the NTPsec quickstart page - >> > https://docs.ntpsec.org/latest/quick.html >> > which only discusses NTP, rather than NTS. >> > The correct destination would be >> > https://docs.ntpsec.org/latest/NTS-QuickStart.html >> >> We should have links from each page to the other. >> >> The NTS page should probably start with something like: >> This assumes you are already running NTPsec. If not, go here... >> >> The NTP page should probably end with something like: >> Now that you have it running , go here to add NTS support... >> >> >> >> -- >> These are my opinions. I hate spam. >> >> >> >> ___ >> devel mailing list >> devel@ntpsec.org >> http://lists.ntpsec.org/mailman/listinfo/devel >> > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: cloudflare refers NTS users to wrong page
I will do that, and re-read Quick-NTS (which was written early on). -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Tue, Dec 10, 2019 at 7:22 AM Hal Murray via devel wrote: > > > links to the NTPsec quickstart page - > > https://docs.ntpsec.org/latest/quick.html > > which only discusses NTP, rather than NTS. > > The correct destination would be > > https://docs.ntpsec.org/latest/NTS-QuickStart.html > > We should have links from each page to the other. > > The NTS page should probably start with something like: > This assumes you are already running NTPsec. If not, go here... > > The NTP page should probably end with something like: > Now that you have it running , go here to add NTS support... > > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Please review this document fragment
/me gets popcorn, sits back:-) -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Please review this document fragment
From: docs/driver_shm.adoc Is the first paragraph still required, if it doesn't apply to current nrpsec? And I cant parse the second paragraph, especially the first line. What should I use? Not the ancient method, surely? The _GPSD_ man page suggests setting minpoll and maxpoll to 4. That was an attempt to reduce jitter. The SHM driver was fixed (ntp-4.2.5p138) to collect data each second rather than once per polling interval so that suggestion is no longer reasonable. *Note:* The _GPSD_ client driver uses the _GPSD_ client protocol to connect and talk to _GPSD_, but using the SHM driver is the ancient way to have _GPSD_ talk to _ntpd_. There are some tricky points when using the SHM interface to interface with _GPSD_, because _GPSD_ will use two SHM clocks, one for the serial data stream and one for the PPS information when available. Receivers with a loose/sloppy timing between PPS and serial data can easily cause trouble here because _ntpd_ has no way to join the two data streams and correlate the serial data with the PPS events. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: IETF in Singapore
Richard, (I am cc:ing Christer and Dieter in case they are not on this list). Christer was telling me about some of the interesting things they are doing, like an NTP (NTS) server using FPGA, cesium masters, etc. I have a single band GPS, so was trying to talk down all the cool toys he has. On the need for the cesium masters, Christer mentioned that the requirements for 5G were usually specified as "within 30ns". According to him, this is not a requirement as specced, but a vendor has this ability, so they are pushing this as "absolutely necessary". As Netnod's customers may want this as well, they have to be able to provide (some sort of?) PTP to the Telco. Christer agreed when I suggested that this is likely to be a "within network sync"; with respect to UTC, the network could drift. I have sinced looked around, requirements mentioned range from 1.5us to 65ns. It seems to depend on what services are offered, beam forming requires sub-us, location services sub-100ns. And few references mention if this is RTT or delay or ... Vendor Blog: https://blog.adva.com/en/time-to-rise-to-the-synchronization-challenges-of-5g Ericsson on Time in RAN: https://www.ericsson.com/en/blog/2019/8/what-you-need-to-know-about-timing-and-sync-in-5G-transport-networks -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Mon, Nov 18, 2019 at 6:54 AM Richard Laager via devel wrote: > On 11/17/19 6:44 AM, Sanjeev Gupta via devel wrote: > > Interesting discussion on the 5G requirements > > Any chance you can even briefly expand on this? In other words, what are > the 5G requirements that relate to NTP/NTS? > > -- > Richard > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: IETF in Singapore
Hal, I met Christer W (Netnod) and Dieter S (PTB) at the Hackathon. Interesting discussion on the 5G requirements, and Christer's setup (his NTS-KE feeding a patched Chrony). Good to put a face to an email address. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sun, Nov 17, 2019 at 5:29 PM Hal Murray wrote: > > Is there anyone on this list in Singapore this week? > > I didn't hear any comments mentioning plans to go there. > > I'll be available by email. > > > -- > These are my opinions. I hate spam. > > > > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
IETF 106, Singapore
Hi, IETF 106 is in Singapore in November. For once, I am in the same country (at least as far as my travel plans stand now) Interop? What can I do to sweeten your trip here? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Code freeze
Gary, ALPN string checking. The commit mentioned that it would break with previous NTPSec versions. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Thu, Aug 29, 2019 at 8:28 AM Gary E. Miller via devel wrote: > Yo Sanjeev! > > On Thu, 29 Aug 2019 07:15:56 +0800 > Sanjeev Gupta via devel wrote: > > > Eric, there is a incompatibility break, so could we do 1.2.0 , please? > > What is the break? > > RGDS > GARY > --- > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 > g...@rellim.com Tel:+1 541 382 8588 > > Veritas liberabit vos. -- Quid est veritas? > "If you can't measure it, you can't improve it." - Lord Kelvin > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Code freeze
Eric, there is a incompatibility break, so could we do 1.2.0 , please? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Thu, Aug 29, 2019 at 1:47 AM Eric S. Raymond via devel wrote: > We're preparing for a minor point release, probably 1.17, on or about > 1 Aug. > > Code freeze starts now. Bug fixes only, > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > "...The Bill of Rights is a literal and absolute document. The First > Amendment doesn't say you have a right to speak out unless the > government has a 'compelling interest' in censoring the Internet. The > Second Amendment doesn't say you have the right to keep and bear arms > until some madman plants a bomb. The Fourth Amendment doesn't say you > have the right to be secure from search and seizure unless some FBI > agent thinks you fit the profile of a terrorist. The government has no > right to interfere with any of these freedoms under any circumstances." > -- Harry Browne, 1996 USA presidential candidate, Libertarian Party > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: prep for point release of NTPSec, suggest 2019-07-31
On Sun, Aug 25, 2019 at 1:49 PM Achim Gratz via devel wrote: > Mark Atwood via devel writes: > > How does everyone feel about next Saturday, Aug 31 2019-07-31? > > You've got a time machine? 8-) > No, but as Chronos is not implemented, he can set time to what ever he wants on the NIST and USNO NTP clocks. -- Sanjeev ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: ALPN checking
On Sun, Aug 25, 2019 at 4:46 AM Hal Murray via devel wrote: > The 3rd case is when it gets back something other than "ntske/1". > I haven't found a test case for that one yet. If anybody still has a > system > still running our old/buggy code, please let me know the IP Address. > Hal, 203.123.48.1 has been downgraded to NTPsec_1_1_6-3-g8e3daaf0b commit 8e3daaf0b19a2c223553f8c46c27287147d983fa (HEAD) Author: Hal Murray Date: Sat Jul 13 16:37:06 2019 -0700 Make auth column from ntpq assoc work for NTS. root@robustb:~/ntpsec# ntpq -p remote refid st t when poll reach delay offset jitter === *ntpmon.dcs1.biz .PPS.1 u 23 64 17 0.2583 -153.685 118.5922 +netmon2.dcs1.bi 210.23.25.77 2 u 19 64 17 0.3604 -157.341 121.3906 +ntp1.glypnod.co 204.123.2.72 2 8 21 64 17 167.7686 -154.635 118.3224 +ntp2.glypnod.co 139.143.5.30 3 8 17 64 17 186.6249 -157.633 121.6622 root@robustb:~/ntpsec# ntpq -c nts NTS client sends:18 NTS client recvs good: 18 NTS client recvs w error:0 NTS server recvs good: 0 NTS server recvs w error:0 NTS server sends:0 NTS make cookies:0 NTS decode cookies: 0 NTS decode cookies old: 0 NTS decode cookies too old: 0 NTS decode cookies error:0 NTS KE probes good: 2 NTS KE probes_bad: 0 NTS KE serves good: 0 NTS KE serves_bad: 0 I will keep this running while you test. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Point release of NTPSec
Eric NEWS: The NTS ALPN negotiation sequence has been modified for improved interoperability with orther NTS implementations. Would this be a better formulation? The NTS ALPN negotiation sequence now checks for length of the handshake string. This may break interoperability with other, non-compliant, NTS implementations. Basically, I wish to highlight that things may *break* with pre 1.2.0 -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Aug 24, 2019 at 2:12 AM Eric S. Raymond wrote: > Sanjeev Gupta : > > We need a point release. Significant things that have happened recently: > > > > > >- The g and G suffixes > >- Removal of neoclock4x > >- Some doc changes > >- The ALPN change > > > > The last is critical, it throws into doubt all the interop we have with > > other NTS implementations. We need a tag to describe our implementation, > > so that we can test again. > > > > Please note only the first point above is captured in the NEWS file. > > I just added notes about the neoclock removal and the ALPN change. > > I concur that a oint release is indicated. > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Point release of NTPSec
James, I am not sure on the time frame to patch and merge the issues you mentioned, but I am concerned about the change to the behaviour of NTS. We are not short of integers, 1.3.0 can be next week :-) On Sat, 24 Aug 2019, 3:27 AM James Browning via devel, wrote: > On Fri, Aug 23, 2019 at 9:43 AM Sanjeev Gupta via devel > wrote: > >> We need a point release. Significant things that have happened recently: >> >> >>- The g and G suffixes >>- Removal of neoclock4x >>- Some doc changes >>- The ALPN change >> >> The last is critical, it throws into doubt all the interop we have with >> other NTS implementations. We need a tag to describe our implementation, >> so that we can test again. >> >> Please note only the first point above is captured in the NEWS file. >> > > On a less joking note. > AFAICT issues 599 and 566 still affect FreeBSD. > My current merge requests can wait. > There is a stub in devel/README mentioning devel/tidy which never made it > into the tree. > Is there time to add an IPv4 only initialization option for NTS? > I think we should have hit 1.2.0 earlier but meh. > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Point release of NTPSec
On Sat, Aug 24, 2019 at 2:36 AM Matthew Selsky wrote: > Does it make sense to call this 1.2.0 instead of 1.1.7? Especially since > we have the ALPN compatiblity fix? > Yes, please. Although NTS implementation internally has (only trivially) changed, a bump to 1.2.0 would provide more warning to those we are testing interop with. -- Sanjeev ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Point release of NTPSec
We need a point release. Significant things that have happened recently: - The g and G suffixes - Removal of neoclock4x - Some doc changes - The ALPN change The last is critical, it throws into doubt all the interop we have with other NTS implementations. We need a tag to describe our implementation, so that we can test again. Please note only the first point above is captured in the NEWS file. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Does broadcast *server* mode still exist?
On Mon, Aug 19, 2019 at 1:45 PM Hal Murray via devel wrote: > > There is probably something like a FAQ entry that explains that if you > want to > get time relevant data from A to B, you have to start by sending something > from B to A, a nonce if nothing else. > > You could eliminate duplicates by having the sender include a sequence > number. > You would have to add a dance to get started. > > I don't see how to protect against delays without sending something from B > to > A -- or knowing the time. > Broadcast, manycast and multicast are server *discovery* methods, similar to pool. Once discovered, the usual ping-pong happens. > > > > >> I'm not sad to see broadcast modes gone. It was tangled up with a > >> state machine which I never really understood. > > > And may no longer exist since Daniel's massive refactor of the protcol > > engine! > > I removed the state machine after we had removed enough stuff (like > broadcast > and peers) so that the remaining cases were simple enough to understand. > That > was a while ago. > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Does broadcast *server* mode still exist?
On Mon, Aug 19, 2019 at 7:22 AM Eric S. Raymond via devel wrote: > Hal Murray : > > I remember a comment about there being no way to do broadcast securely. > It > > would be good to include an expanded version of that in the > documentation. > > That's covered. In the page on NTPsec changes: > > * Broadcast- and multicast modes, which are impossible to > secure, have been removed. > Broadcast is insecure for the _client_, if I understand it correctly. So the broadcastclient directive being dropped makes perfect sense. I was not sure if broadcast as a server was dropped for similar reasons. I will begin a pass through the docs, reading and removing stuff. Thanks ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Does broadcast *server* mode still exist?
On Sun, Aug 18, 2019 at 7:35 PM Eric S. Raymond wrote: > Sanjeev Gupta via devel : > > I have a feeling that was also removed, at some time. Has it? > > I do not recall that we explicitly removed it. But I wouldn't count on > it to work without testing. > The "Broadcast" item in ntpd/ntp_parser.yy was removed in 3703251c18d4dfd4c1b5c334875d4f7392d4789a Placing a "broadcast" line, as described in NTP Classic, generates an error: 2019-08-18T21:07:20 ntpd[12697]: CONFIG: readconfig: parsing file: /etc/ntp.conf 2019-08-18T21:07:20 ntpd[12697]: CONFIG: line 57 column 0 syntax error, unexpected T_String, expecting $end 2019-08-18T21:07:20 ntpd[12697]: CONFIG: syntax error in /etc/ntp.conf line 57, column 0 The documentation is inconsistent. There is some mention of broadcast and multicast, but the description of how to turn it on has been removed (which is why I had to consult NTP Classic documentation). Since the code, as of now, has no way to turn on broadcast _server_,and we have documented removal or broadcast _client_ , can I assume this is final? If yes, I will go through the docs, tidying them up. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Does broadcast *server* mode still exist?
Hi, I know that broadcast *client* mode was removed last year, because it was impossible to secure. Broadcast *server* mode was deprecated. I have a feeling that was also removed, at some time. Has it? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: 'g' suffix egg on my face
I can vouch for the fact that 100% of grouchy/lazy hobbyists running EOL equipment who tried this gave this feature five stars. It is not only my Puck that is EOL, but my i686 as well. Eric, next request. I have a spare parallel port on the system, could I have a software patch so that it can connect to a 10G optical WDM cable? Please? :-) On Sun, 18 Aug 2019, 4:11 AM Eric S. Raymond, wrote: > Sanjeev Gupta : > > Eric, > > > > It works, perfectly. > > > > refclock shm unit 1 prefer refid PPS time1 0g flag4 1 > > refclock shm unit 0 refid GPS time1 0.450g flag4 1 > > > > > > Note that the first line (PPS) also needs a "g" suffix, else I am reset > to > > 19 years ago. > > > > gpsmon still shows wrong time, but I need that only to check skyview. > > > > Thank you, thank you, thank you. > > > > -- > > Sanjeev Gupta > > +65 98551208 http://www.linkedin.com/in/ghane > > Mark: I think this feature justifies a point release. > > It'll make the hobbyist grognards running equipment from the last century > very happy. > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: 'g' suffix egg on my face
Eric, It works, perfectly. refclock shm unit 1 prefer refid PPS time1 0g flag4 1 refclock shm unit 0 refid GPS time1 0.450g flag4 1 Note that the first line (PPS) also needs a "g" suffix, else I am reset to 19 years ago. gpsmon still shows wrong time, but I need that only to check skyview. Thank you, thank you, thank you. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sun, Aug 18, 2019 at 1:42 AM Eric S. Raymond via devel wrote: > Well, that was a simple fix. > > Turns out thre was a sneaky early exit in one of the functions > I was using, it bailed out if it didn't see an exponent part. > > Sanjeev, it should work much batter now. Give it a try? > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > Love your country, but never trust its government. > -- Robert A. Heinlein. > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Error on g suffix in time1 fudge
Eric,a data point. This works: refclock shm unit 0 refid GPS time1 619315200.450 flag4 1 (the large number is 1024 weeks, the 0.450 is a delay) -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Aug 17, 2019 at 5:04 AM Eric S. Raymond wrote: > Sanjeev Gupta : > > Eric, > > > > My (minimal) config: > > > > root@ntpmon:~/ntpsec/docs# grep -v "^#" /etc/ntp.conf | grep -v "^$" > > logfile /var/www/html/ntp/ntpd.log > > logconfig =syncall +clockall +peerall +sysall > > statsdir /var/www/html/ntp/ > > filegen loopstats type day link > > filegen peerstats type day link > > filegen protostats type day link > > filegen rawstats type day link > > filegen sysstats type day link > > driftfile /var/lib/ntp/ntp.drift > > statistics loopstats peerstats clockstats > > refclock shm unit 0 refid GPS time1 0.650g flag4 1 # minpoll 1 maxpoll 5 > > restrict -4 default kod nomodify nopeer noquery limited > > restrict -6 default kod nomodify nopeer noquery limited > > restrict 127.0.0.1 > > restrict ::1 > > restrict source nomodify noquery > > > > > > ntpd command line: > > > > root@ntpmon:~/ntpsec/docs# kill -9 `pidof ntpd` ; ntpd -D 10 > > > > Log file: > > 2019-08-17T04:38:01 ntpd[22651]: INIT: Using SO_TIMESTAMPNS > > 2019-08-17T04:38:01 ntpd[22651]: IO: Listen and drop on 0 v6wildcard > > [::]:123 > > 2019-08-17T04:38:01 ntpd[22651]: IO: Listen and drop on 1 v4wildcard > > 0.0.0.0:123 > > 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 2 lo > 127.0.0.1:123 > > 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 3 eth1 > > 203.123.48.219:123 > > 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 4 lo [::1]:123 > > 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 5 eth1 > > [2405:fc00:0:1::123]:123 > > 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 6 eth1 > > [fe80::204:23ff:feb8:1c1e%3]:123 > > 2019-08-17T04:38:01 ntpd[22651]: IO: Listening on routing socket on fd > #23 > > for interface updates > > 2019-08-17T04:38:01 ntpd[22651]: INIT: This system has a 32-bit time_t. > > 2019-08-17T04:38:01 ntpd[22651]: INIT: This ntpd will fail on > > 2038-01-19T03:14:07Z. > > 2019-08-17T04:38:01 ntpd[22651]: PROTO: 0.0.0.0 c01d 0d kern kernel time > > sync enabled > > 2019-08-17T04:38:01 ntpd[22651]: PROTO: 0.0.0.0 c012 02 freq_set kernel > > 39.594910 PPM > > 2019-08-17T04:38:01 ntpd[22651]: PROTO: 0.0.0.0 c016 06 restart > > 2019-08-17T04:38:01 ntpd[22651]: NTSc: Using system default root > > certificates. > > > > > > root@ntpmon:~/ntpsec/docs# ntpq -V > > ntpq ntpsec-1.1.6+ 2019-08-16T20:21:12Z (git rev f99a58821) > > root@ntpmon:~/ntpsec/docs# ntpq -pn > > server=localhost No association IDs returned > > > > -- > > Sanjeev Gupta > > +65 98551208 http://www.linkedin.com/in/ghane > > > > > > On Sat, Aug 17, 2019 at 3:50 AM Eric S. Raymond via devel < > devel@ntpsec.org> > > wrote: > > > > > Sanjeev, would you please look in your logs and see if the config > > > parser throws an error related to that line? > > > -- > > > http://www.catb.org/~esr/;>Eric S. > Raymond > > > > > > You know why there's a Second Amendment? In case the government fails > to > > > follow the first one. > > > -- Rush Limbaugh, in a moment of unaccustomed profundity 17 > Aug > > > 1993 > > Odd that it's not throwing a parse error. > > Looks like I'll have to build some test jigs to get to the bottom of this. > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: New config feature - time1 can declare GPS wraparound compensation
On Sat, Aug 17, 2019 at 6:14 AM Gary E. Miller via devel wrote: > > On Sat, 17 Aug 2019 06:07:14 +0800 > Sanjeev Gupta wrote: > > > The widest integer I have is "long long int", which is 8 bytes. I > > need a bit more for "nuber of secs in 8192 weeks". > > Here is my math: > > seconds in 8192 weeks = 8192 weeks * 7 days in week * 24 hours in a day * > 60 minutes in an hour * 60 seconds in a minute > > >>> a = 8192 * 7 * 24 * 60 * 60 > >>> "%x" % a > '12750' > > Looks like 5 bytes to me. Is my math wrong? > No, but (long long) int is signed, so you only get to use 4 bytes. :-( > > Size of long long int: 8 bytes > > Looks good to me. > My new push (on Gitlab) uses (unsigned long long) , and tests OK on 32-bit and 64-bit systems. -- Sanjeev ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: New config feature - time1 can declare GPS wraparound compensation
Gary,
The widest integer I have is "long long int", which is 8 bytes. I need a
bit more for "nuber of secs in 8192 weeks".
I reproduce my attempt at C below, have I goofed up?
root@ntpmon:~/ntpsec# cat /tmp/aa.c
#include
int main()
{
int integerType;
long int longintegerType;
long long int longlongintegerType;
float floatType;
double doubleType;
long double longdoubleType;
char charType;
// Sizeof operator is used to evaluate the size of a variable
printf("Size of int: %ld bytes\n",sizeof(integerType));
printf("Size of long int: %ld bytes\n",sizeof(longintegerType));
printf("Size of long long int: %ld
bytes\n",sizeof(longlongintegerType));
printf("Size of float: %ld bytes\n",sizeof(floatType));
printf("Size of double: %ld bytes\n",sizeof(doubleType));
printf("Size of long double: %ld bytes\n",sizeof(longdoubleType));
printf("Size of char: %ld byte\n",sizeof(charType));
return 0;
}
root@ntpmon:~/ntpsec# /tmp/a.out
Size of int: 4 bytes
Size of long int: 4 bytes
Size of long long int: 8 bytes
Size of float: 4 bytes
Size of double: 8 bytes
Size of long double: 12 bytes
Size of char: 1 byte
--
Sanjeev Gupta
+65 98551208 http://www.linkedin.com/in/ghane
On Sat, Aug 17, 2019 at 5:49 AM Gary E. Miller via devel
wrote:
> Yo Sanjeev!
>
> On Sat, 17 Aug 2019 05:27:17 +0800
> Sanjeev Gupta wrote:
>
> > Gary,
> >
> > On my 32 bit x86, gcc 8
> >
> > Size of int: 4 bytesSize of long int: 4 bytesSize of long long int: 8
> > bytesSize of float: 4 bytesSize of double: 8 bytesSize of long double:
> > 12 bytesSize of char: 1 byte
> >
> > I have cast explicitly to (long double), please review:
> >
> > https://gitlab.com/NTPsec/ntpsec/merge_requests/1015
>
> I do not like using floating point when ints will do. Too much chance
> to get things like 8.
>
>
> RGDS
> GARY
> ---
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
> g...@rellim.com Tel:+1 541 382 8588
>
> Veritas liberabit vos. -- Quid est veritas?
> "If you can't measure it, you can't improve it." - Lord Kelvin
> ___
> devel mailing list
> devel@ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
>
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
Re: New config feature - time1 can declare GPS wraparound compensation
Gary, On my 32 bit x86, gcc 8 Size of int: 4 bytesSize of long int: 4 bytesSize of long long int: 8 bytesSize of float: 4 bytesSize of double: 8 bytesSize of long double: 12 bytesSize of char: 1 byte I have cast explicitly to (long double), please review: https://gitlab.com/NTPsec/ntpsec/merge_requests/1015 -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Aug 17, 2019 at 5:05 AM Gary E. Miller via devel wrote: > Yo Eric! > > On Fri, 16 Aug 2019 17:01:02 -0400 > "Eric S. Raymond via devel" wrote: > > > Sanjeev Gupta : > > > Eric, > > > > > > sizeof(double) seems to be 8 bytes. The 8192 * No of Secs per week > > > overflows this. > > > > Huh. If "long double" isn't 16 bytes, we're foing to have a problem. > > How about "long long int"? > > RGDS > GARY > --- > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 > g...@rellim.com Tel:+1 541 382 8588 > > Veritas liberabit vos. -- Quid est veritas? > "If you can't measure it, you can't improve it." - Lord Kelvin > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: New config feature - time1 can declare GPS wraparound compensation
Eric, double is 8 bytes long double is 12 bytes Long double should be enough, I think -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Aug 17, 2019 at 5:01 AM Eric S. Raymond wrote: > Sanjeev Gupta : > > Eric, > > > > sizeof(double) seems to be 8 bytes. The 8192 * No of Secs per week > > overflows this. > > Huh. If "long double" isn't 16 bytes, we're foing to have a problem. > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Error on g suffix in time1 fudge
Eric, My (minimal) config: root@ntpmon:~/ntpsec/docs# grep -v "^#" /etc/ntp.conf | grep -v "^$" logfile /var/www/html/ntp/ntpd.log logconfig =syncall +clockall +peerall +sysall statsdir /var/www/html/ntp/ filegen loopstats type day link filegen peerstats type day link filegen protostats type day link filegen rawstats type day link filegen sysstats type day link driftfile /var/lib/ntp/ntp.drift statistics loopstats peerstats clockstats refclock shm unit 0 refid GPS time1 0.650g flag4 1 # minpoll 1 maxpoll 5 restrict -4 default kod nomodify nopeer noquery limited restrict -6 default kod nomodify nopeer noquery limited restrict 127.0.0.1 restrict ::1 restrict source nomodify noquery ntpd command line: root@ntpmon:~/ntpsec/docs# kill -9 `pidof ntpd` ; ntpd -D 10 Log file: 2019-08-17T04:38:01 ntpd[22651]: INIT: Using SO_TIMESTAMPNS 2019-08-17T04:38:01 ntpd[22651]: IO: Listen and drop on 0 v6wildcard [::]:123 2019-08-17T04:38:01 ntpd[22651]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 2 lo 127.0.0.1:123 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 3 eth1 203.123.48.219:123 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 4 lo [::1]:123 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 5 eth1 [2405:fc00:0:1::123]:123 2019-08-17T04:38:01 ntpd[22651]: IO: Listen normally on 6 eth1 [fe80::204:23ff:feb8:1c1e%3]:123 2019-08-17T04:38:01 ntpd[22651]: IO: Listening on routing socket on fd #23 for interface updates 2019-08-17T04:38:01 ntpd[22651]: INIT: This system has a 32-bit time_t. 2019-08-17T04:38:01 ntpd[22651]: INIT: This ntpd will fail on 2038-01-19T03:14:07Z. 2019-08-17T04:38:01 ntpd[22651]: PROTO: 0.0.0.0 c01d 0d kern kernel time sync enabled 2019-08-17T04:38:01 ntpd[22651]: PROTO: 0.0.0.0 c012 02 freq_set kernel 39.594910 PPM 2019-08-17T04:38:01 ntpd[22651]: PROTO: 0.0.0.0 c016 06 restart 2019-08-17T04:38:01 ntpd[22651]: NTSc: Using system default root certificates. root@ntpmon:~/ntpsec/docs# ntpq -V ntpq ntpsec-1.1.6+ 2019-08-16T20:21:12Z (git rev f99a58821) root@ntpmon:~/ntpsec/docs# ntpq -pn server=localhost No association IDs returned -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Aug 17, 2019 at 3:50 AM Eric S. Raymond via devel wrote: > Sanjeev, would you please look in your logs and see if the config > parser throws an error related to that line? > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > You know why there's a Second Amendment? In case the government fails to > follow the first one. > -- Rush Limbaugh, in a moment of unaccustomed profundity 17 Aug > 1993 > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: New config feature - time1 can declare GPS wraparound compensation
Eric,
sizeof(double) seems to be 8 bytes. The 8192 * No of Secs per week
overflows this.
More info below:
root@ntpmon:/tmp# gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/i686-linux-gnu/8/lto-wrapper
Target: i686-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 8.3.0-19'
--with-bugurl=file:///usr/share/doc/gcc-8/README.Bugs
--enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr
--with-gcc-major-version-only --program-suffix=-8
--program-prefix=i686-linux-gnu- --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes
--with-default-libstdcxx-abi=new --enable-gnu-unique-object
--disable-vtable-verify --enable-libmpx --enable-plugin
--enable-default-pie --with-system-zlib --with-target-system-zlib
--enable-objc-gc=auto --enable-targets=all --enable-multiarch
--disable-werror --with-arch-32=i686 --with-multilib-list=m32,m64,mx32
--enable-multilib --with-tune=generic --enable-checking=release
--build=i686-linux-gnu --host=i686-linux-gnu --target=i686-linux-gnu
--with-build-config=bootstrap-lto --enable-link-mutex
Thread model: posix
gcc version 8.3.0 (Debian 8.3.0-19)
root@ntpmon:/tmp# cat aa.c
#include
int main()
{
int integerType;
float floatType;
double doubleType;
char charType;
// Sizeof operator is used to evaluate the size of a variable
printf("Size of int: %ld bytes\n",sizeof(integerType));
printf("Size of float: %ld bytes\n",sizeof(floatType));
printf("Size of double: %ld bytes\n",sizeof(doubleType));
printf("Size of char: %ld byte\n",sizeof(charType));
return 0;
}
root@ntpmon:/tmp# gcc aa.c
root@ntpmon:/tmp# ./a.out
Size of int: 4 bytes
Size of float: 4 bytes
Size of double: 8 bytes
Size of char: 1 byte
root@ntpmon:/tmp# uname -a
Linux ntpmon 4.19.0-5-686-pae #1 SMP Debian 4.19.37-3 (2019-05-15) i686
GNU/Linux
--
Sanjeev Gupta
+65 98551208 http://www.linkedin.com/in/ghane
On Sat, Aug 17, 2019 at 3:01 AM Eric S. Raymond wrote:
> Sanjeev Gupta :
> > Eric,
> >
> > On a 32-bit debian:
> >
> > [ 73/101] Compiling ntpd/ntp_io.c
> > ../../ntpd/ntp_scanner.c: In function ‘yylex’:
> > ../../ntpd/ntp_scanner.c:40:30: warning: integer overflow in expression
> of
> > type ‘long int’ results in ‘659554304’ [-Woverflow]
> > #define GPS_ERA_13BIT (8192L * SECONDS_IN_WEEK)
> > ^
> > ../../ntpd/ntp_scanner.c:940:20: note: in expansion of macro
> ‘GPS_ERA_13BIT’
> > era_offset += GPS_ERA_13BIT;
>
> That is rather odd. The L suffix on one of the multiplicands shhould have
> clued in the compiler that the expression has type long.
>
> What is sizeof(double) in that environment?
>
> Attempt at a fix pushed. Let me know if it continues to complain.
> --
> http://www.catb.org/~esr/;>Eric S. Raymond
>
>
>
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
Re: New config feature - time1 can declare GPS wraparound compensation
Eric, I am using the SHM driver , which talks to gpsd. The presence of the "g" suffix causes the line to be ignored. root@ntpmon:~/ntpsec# grep refclock /etc/ntp.conf refclock shm unit 0 refid GPS time1 0.650g flag4 1 root@ntpmon:~/ntpsec# kill -9 `pidof ntpd` ; ntpd -D 100 root@ntpmon:~/ntpsec# ntpq -pn server=localhost No association IDs returned ntpd.log: 2000-01-01T02:23:58 ntpd[20105]: INIT: Using SO_TIMESTAMPNS 2000-01-01T02:23:58 ntpd[20105]: IO: Listen and drop on 0 v6wildcard [::]:123 2000-01-01T02:23:58 ntpd[20105]: IO: Listen and drop on 1 v4wildcard 0.0.0.0:123 2000-01-01T02:23:58 ntpd[20105]: IO: Listen normally on 2 lo 127.0.0.1:123 2000-01-01T02:23:58 ntpd[20105]: IO: Listen normally on 3 eth1 203.123.48.219:123 2000-01-01T02:23:58 ntpd[20105]: IO: Listen normally on 4 lo [::1]:123 2000-01-01T02:23:58 ntpd[20105]: IO: Listen normally on 5 eth1 [2405:fc00:0:1::123]:123 2000-01-01T02:23:58 ntpd[20105]: IO: Listen normally on 6 eth1 [fe80::204:23ff:feb8:1c1e%3]:123 2000-01-01T02:23:58 ntpd[20105]: IO: Listening on routing socket on fd #23 for interface updates 2000-01-01T02:23:58 ntpd[20105]: INIT: This system has a 32-bit time_t. 2000-01-01T02:23:58 ntpd[20105]: INIT: This ntpd will fail on 2038-01-19T03:14:07Z. 2000-01-01T02:23:58 ntpd[20105]: PROTO: 0.0.0.0 c01d 0d kern kernel time sync enabled 2000-01-01T02:23:58 ntpd[20105]: PROTO: 0.0.0.0 c012 02 freq_set kernel 39.594910 PPM 2000-01-01T02:23:58 ntpd[20105]: PROTO: 0.0.0.0 c016 06 restart 2000-01-01T02:23:58 ntpd[20105]: NTSc: Using system default root certificates. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Aug 17, 2019 at 1:41 AM Eric S. Raymond via devel wrote: > I've just pushed a change that interprets a 'g' suffix on a clock time1 > fudge option as an instruction to add the number of seconds in a > 1024-week GPS era. There can be more than one g. Using this, you can > compensate for era rollover in old GPS devices. > > Credit to James Browning for the idea. It's actually done at the > scanner level, so it will work for other double-valued options such > as the time2 fudge - not that I expect that to be used. > > If you have a GPS old enough to require wraparound compensation, > please test; I don't think I do anymore. > > I've also updated the driver documentation, pointing out where this > option is likely to be of use, and the NEWS file. > > Mark: once we've tested this it might merit a point release. > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > You know why there's a Second Amendment? In case the government fails to > follow the first one. > -- Rush Limbaugh, in a moment of unaccustomed profundity 17 Aug > 1993 > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: New config feature - time1 can declare GPS wraparound compensation
Eric, On a 32-bit debian: [ 73/101] Compiling ntpd/ntp_io.c ../../ntpd/ntp_scanner.c: In function ‘yylex’: ../../ntpd/ntp_scanner.c:40:30: warning: integer overflow in expression of type ‘long int’ results in ‘659554304’ [-Woverflow] #define GPS_ERA_13BIT (8192L * SECONDS_IN_WEEK) ^ ../../ntpd/ntp_scanner.c:940:20: note: in expansion of macro ‘GPS_ERA_13BIT’ era_offset += GPS_ERA_13BIT; ^ -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Aug 17, 2019 at 1:41 AM Eric S. Raymond via devel wrote: > I've just pushed a change that interprets a 'g' suffix on a clock time1 > fudge option as an instruction to add the number of seconds in a > 1024-week GPS era. There can be more than one g. Using this, you can > compensate for era rollover in old GPS devices. > > Credit to James Browning for the idea. It's actually done at the > scanner level, so it will work for other double-valued options such > as the time2 fudge - not that I expect that to be used. > > If you have a GPS old enough to require wraparound compensation, > please test; I don't think I do anymore. > > I've also updated the driver documentation, pointing out where this > option is likely to be of use, and the NEWS file. > > Mark: once we've tested this it might merit a point release. > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > You know why there's a Second Amendment? In case the government fails to > follow the first one. > -- Rush Limbaugh, in a moment of unaccustomed profundity 17 Aug > 1993 > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Open Issues on Gitlab Tracker
Gary, True, and I see you are busy with gpsd these days. My suggestion: The last commit to ntpsec that touched code was over two months ago. In that sense, we have already had a quiet time :-) Eric will look at the open issues list. I assume there is nothing critical there, most of the reports are old I will work on integrating NTS into the documentation. We release 1.2, big feature is NTS, and continue handling bug reports. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Tue, Jun 18, 2019 at 10:08 AM Gary E. Miller via devel wrote: > Yo Sanjeev! > > On Tue, 18 Jun 2019 10:03:02 +0800 > Sanjeev Gupta wrote: > > > Release, release release! > > Yes, a good time to start the release window. But I bet that, just like > with gpsd, that starts a new round of bug reports... > > RGDS > GARY > --- > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 > g...@rellim.com Tel:+1 541 382 8588 > > Veritas liberabit vos. -- Quid est veritas? > "If you can’t measure it, you can’t improve it." - Lord Kelvin > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Open Issues on Gitlab Tracker
Release, release release! On Tue, 18 Jun 2019, 9:59 AM Gary E. Miller via devel, wrote: > Yo Eric! > > On Mon, 17 Jun 2019 21:54:54 -0400 > "Eric S. Raymond via devel" wrote: > > > Sanjeev Gupta : > > > On Sun, Jun 16, 2019 at 8:47 PM Eric S. Raymond > > > wrote: > > > > Do you cansider the NTS documentation to be in good shape? > > > > > > > > > > Yes, enough to get it up and running. I have moved the Quickstart > > > from devel/ to docs/ , and merged it into the existing > > > documentation. > > > > > > I have had an NTS server running publicly for over 3 months, and it > > > seems stable. > > > > > > The NTS ID is in last call, I think the spec is stable, and we are > > > conformant. > > > > That's pretty much a wrap, then. Good. > > Conformant, but not full featured. > > Initial implementation done. But not done. > > RGDS > GARY > --- > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 > g...@rellim.com Tel:+1 541 382 8588 > > Veritas liberabit vos. -- Quid est veritas? > "If you can’t measure it, you can’t improve it." - Lord Kelvin > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Open Issues on Gitlab Tracker
On Sun, Jun 16, 2019 at 8:47 PM Eric S. Raymond wrote: > Do you cansider the NTS documentation to be in good shape? > Yes, enough to get it up and running. I have moved the Quickstart from devel/ to docs/ , and merged it into the existing documentation. I have had an NTS server running publicly for over 3 months, and it seems stable. The NTS ID is in last call, I think the spec is stable, and we are conformant. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Open Issues on Gitlab Tracker
Hi, We have 26 issues on the tracker, https://gitlab.com/NTPsec/ntpsec/issues As NTS support works (for me, and in interop), could we triage and release? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Certificate rollover
Hi, I just realised something: LetsEncrypt certs are max 90 days. When I renew them, will I need to restart NTPd? So the max uptime of NTPd is 90 days? This does not matter now, when I am doing a git pull, build, restart daily, but would it have an impact in production? Can the S2C code check if the Cert has changed, and start using the new one? Or is that overkill? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: I just pushed a NTS IP Address fix
Gary, no, I didn't install their cert chain. Do you need access to my host? On Thu, Mar 28, 2019, 9:25 AM Gary E. Miller via devel wrote: > Yo Sanjeev! > > On Thu, 28 Mar 2019 09:16:17 +0800 > Sanjeev Gupta wrote: > > > Mine works. > > Odd. > > > root@ntpmon:~/ntpsec# git describe > > NTPsec_1_1_3-444-gc4d912883 > > backup /usr/local/src/NTP/ntpsec # git describe > NTPsec_1_1_3-444-gc4d912883 > > > root@ntpmon:~/ntpsec# grep ostfalia /etc/ntp.conf > > server -4 nts3-e.ostfalia.de:443 burst iburst nts noval > > backup /usr/local/src/NTP/ntpsec # grep ostfalia /etc/ntp.conf > server nts3-e.ostfalia.de:443 nts noval > > I also tried your server line. > > > root@ntpmon:~/ntpsec# ntpq -p > > remote refid st t when > > poll reach delay offset jitter > > > === > > -nts3-e.ostfalia.de 192.53.103.104 2 6 180 > > 64 104 248.7034 -36.4861 0.0781 > > nts3-e.ostfalia .NTS. 16 u- 10240 0. 0. > 0.0001 > > I assume that you did not install their root cert? > > RGDS > GARY > --- > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 > g...@rellim.com Tel:+1 541 382 8588 > > Veritas liberabit vos. -- Quid est veritas? > "If you can’t measure it, you can’t improve it." - Lord Kelvin > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: EXPORTER strings
Updated mine, thanks. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sun, Mar 24, 2019 at 2:53 PM Hal Murray via devel wrote: > > I had the same problem, just change this > > ntpd/nts_client.c: const char *label = "EXPORTER-nts/1"; > > To this: > > ntpd/nts_client.c: char *label = "EXPORTER-network-time-security/1"; > > Then it worked for me. > > OK. I just pushed a fix. That will break things until everybody gets > updated. > > FreeBSD drops off the edge until they update to 1.1.1b > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: I just pushed a bug-fix - please update
Done. Thanks. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Mar 23, 2019 at 11:40 PM Hal Murray wrote: > > The server response wasn't setting up the right length for the encrypted > part. > The client receive side didn't use that field but computed the length > another > way so it didn't discover the bug. > > -- > These are my opinions. I hate spam. > > > > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Testing NTPSec with NTS
Gary, It works with a mix of NTS and NTP, I removed the NTP to force it to sync with your servers. All seems OK now. On Fri, Mar 22, 2019, 12:20 PM Gary E. Miller wrote: > Yo Sanjeev! > > On Fri, 22 Mar 2019 08:31:34 +0800 > Sanjeev Gupta wrote: > > > I removed all non-NTS servers from my config,and I am now synced!!! > > Weird. I can run with a mix of plain NTPD and NTS/NTPD. > > > No rest for the helpful: How do I check if I am an NTS server? > > I like Hal's suggestions. I also check with: nmap pi3 -p 123 > > > > RGDS > GARY > --- > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 > g...@rellim.com Tel:+1 541 382 8588 > > Veritas liberabit vos. -- Quid est veritas? > "If you can’t measure it, you can’t improve it." - Lord Kelvin > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Testing NTPSec with NTS
Gary, I removed all non-NTS servers from my config,and I am now synced!!! root@ntpmon:~/ntpsec# ntpq -p remote refid st t when poll reach delay offset jitter === *pi3.rellim.com .PPS.1 8 63 64 377 199.4428 1.5205 0.5291 +kong.rellim.com 54.165.164.242 8- 64 377 210.1074 1.5080 1.3453 -104.131.155.175 204.123.2.72 2 8 57 64 377 178.6117 6.7752 1.3341 +178.62.68.7917.253.34.2532 8 58 64 377 185.7336 -0.4399 0.4358 Thank you. I will review the docs and add my 5-line HOWTO later today. No rest for the helpful: How do I check if I am an NTS server? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Fri, Mar 22, 2019 at 7:45 AM Gary E. Miller via devel wrote: > Yo Sanjeev! > > > > Looks good. What is your server so I can try to connect back? > > My server is ntpmon.dcs1.biz . It is in the pool, BTW. > > I can't connect to any NTS from kong now. Not getting any cookies. > Some of my other 3 still work in various combinations. > > I'm not putting NTS on my one pool server yet. > > I tried to connect from my backup (1.0.1r), no cookies. > > 2019-03-21T16:40:59 ntpd[24257]: DNS: dns_probe: ntpmon.dcs1.biz, > cast_flags:1, flags: > 21801 > 2019-03-21T16:41:01 ntpd[24257]: NTSc: DNS lookup of ntpmon.dcs1.biz took > 1.749 sec > 2019-03-21T16:41:01 ntpd[24257]: NTSc: nts_probe connecting to > ntpmon.dcs1.biz:ntp => > [2405:fc00:0:1::123]:123 > 2019-03-21T16:43:12 ntpd[24257]: NTSc: nts_probe: connect failed: > Connection timed out > 2019-03-21T16:43:12 ntpd[24257]: DNS: dns_check: processing > ntpmon.dcs1.biz, 1, 21801 > 2019-03-21T16:43:12 ntpd[24257]: DNS: dns_take_status: ntpmon.dcs1.biz=>error, > 12 > > > > > What version of OpenSSL do you have? I'm finding that matters. > > > > > > > root@ntpmon:~/ntpsec# openssl version -a > > OpenSSL 1.1.1a 20 Nov 2018 > > I'm guessing version mismatch. Try my pi3.rellim.com, or backup, which > are on 1.0.2r. > > RGDS > GARY > --- > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 > g...@rellim.com Tel:+1 541 382 8588 > > Veritas liberabit vos. -- Quid est veritas? > "If you can’t measure it, you can’t improve it." - Lord Kelvin > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Testing NTPSec with NTS
Gary, Adding this to /etc/services seems to fix the issue: ntp 123/tcp # Network Time Protocol I now see: -pi3.rellim.com .PPS.1 84 64 37 197.8958 0.5317 0.4966 -kong.rellim.com 204.17.205.172 85 64 37 211.0267 -1.1571 0.7353 -104.131.155.175 204.123.2.72 2 83 64 37 178.6108 4.1158 0.2288 -178.62.68.7917.253.34.2532 8- 64 37 185.7613 -2.6144 0.0452 And a snip from the log file says: 2019-03-22T07:43:48 ntpd[12580]: NTSc: nts_probe connecting to pi3.rellim.com:ntp => 204.17.205.23:123 2019-03-22T07:43:49 ntpd[12580]: NTSc: Using TLSv1.2, AES256-GCM-SHA384 (256) 2019-03-22T07:43:49 ntpd[12580]: NTSc: certificate subject name: /CN= pi3.rellim.com 2019-03-22T07:43:49 ntpd[12580]: NTSc: certificate issuer name: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 2019-03-22T07:43:49 ntpd[12580]: NTSc: certificate is valid. 2019-03-22T07:43:49 ntpd[12580]: NTSc: read 880 bytes 2019-03-22T07:43:49 ntpd[12580]: NTSc: Got 8 cookies, length 104, aead=15. 2019-03-22T07:43:49 ntpd[12580]: NTSc: NTS-KE req to pi3.rellim.com took 0.863 sec, OK 2019-03-22T07:43:49 ntpd[12580]: DNS: dns_check: processing pi3.rellim.com, 1, 21801 2019-03-22T07:43:49 ntpd[12580]: DNS: Server taking: 204.17.205.23 2019-03-22T07:43:49 ntpd[12580]: DNS: Server poking hole in restrictions for: 204.17.205.23 2019-03-22T07:43:49 ntpd[12580]: DNS: dns_take_status: pi3.rellim.com=>good, 0 -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Fri, Mar 22, 2019 at 7:32 AM Sanjeev Gupta wrote: > On Fri, Mar 22, 2019 at 7:24 AM Gary E. Miller via devel > wrote: > >> > I have been lurking and trying to set up NTS to talk to the rellim.com >> > servers. This is a recent git head. >> >> Cool. >> > > I just did a git pull and rebuilt. > > >> > My ntp.conf snippet: >> > >> > nts enable >> > nts cert /etc/letsencrypt/live/ntpmon.dcs1.biz/fullchain.pem >> > nts key /etc/letsencrypt/live/ntpmon.dcs1.biz/privkey.pem >> > server pi3.rellim.com nts >> > server kong.rellim.com nts >> >> Looks good. What is your server so I can try to connect back? >> > > My server is ntpmon.dcs1.biz . It is in the pool, BTW. > > > Been runnig for a few hours now. ntpq -pn output: >> > pi3.rellim.com .NTS. 16 u - 1024 0 0. 0. 0.0005 >> > kong.rellim.com .NTS. 16 u-1024 0 0. 0. 0.0005 >> >> Odd, you are not even getting the cookies. >> >> > And the log is here: https://pastebin.com/fM9uDwVi >> >> Weird: >> >> 2019-03-22T03:56:32 ntpd[21039]: NTSc: nts_probe: DNS error trying to >> contact pi3.rellim.com: -8, Servname not supported for ai_socktype >> >> >> What version of OpenSSL do you have? I'm finding that matters. >> > > root@ntpmon:~/ntpsec# openssl version -a > OpenSSL 1.1.1a 20 Nov 2018 > built on: Thu Nov 22 18:40:54 2018 UTC > platform: debian-i386 > options: bn(64,32) rc4(1x,char) des(long) blowfish(ptr) > compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g > -O2 -fdebug-prefix-map=/build/openssl-5z4Qxa/openssl-1.1.1a=. > -fstack-protector-strong -Wformat -Werror=format-security > -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ > -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT > -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM > -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM > -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time > -D_FORTIFY_SOURCE=2 > OPENSSLDIR: "/usr/lib/ssl" > ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1" > Seeding source: os-specific > > This is debian/testing, up to date. > > Thanks, > -- > Sanjeev > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Testing NTPSec with NTS
On Fri, Mar 22, 2019 at 7:24 AM Gary E. Miller via devel wrote: > > I have been lurking and trying to set up NTS to talk to the rellim.com > > servers. This is a recent git head. > > Cool. > I just did a git pull and rebuilt. > > My ntp.conf snippet: > > > > nts enable > > nts cert /etc/letsencrypt/live/ntpmon.dcs1.biz/fullchain.pem > > nts key /etc/letsencrypt/live/ntpmon.dcs1.biz/privkey.pem > > server pi3.rellim.com nts > > server kong.rellim.com nts > > Looks good. What is your server so I can try to connect back? > My server is ntpmon.dcs1.biz . It is in the pool, BTW. > Been runnig for a few hours now. ntpq -pn output: > > pi3.rellim.com .NTS. 16 u - 1024 0 0. 0. 0.0005 > > kong.rellim.com .NTS. 16 u-1024 0 0. 0. 0.0005 > > Odd, you are not even getting the cookies. > > > And the log is here: https://pastebin.com/fM9uDwVi > > Weird: > > 2019-03-22T03:56:32 ntpd[21039]: NTSc: nts_probe: DNS error trying to > contact pi3.rellim.com: -8, Servname not supported for ai_socktype > > > What version of OpenSSL do you have? I'm finding that matters. > root@ntpmon:~/ntpsec# openssl version -a OpenSSL 1.1.1a 20 Nov 2018 built on: Thu Nov 22 18:40:54 2018 UTC platform: debian-i386 options: bn(64,32) rc4(1x,char) des(long) blowfish(ptr) compiler: gcc -fPIC -pthread -Wa,--noexecstack -Wall -Wa,--noexecstack -g -O2 -fdebug-prefix-map=/build/openssl-5z4Qxa/openssl-1.1.1a=. -fstack-protector-strong -Wformat -Werror=format-security -DOPENSSL_USE_NODELETE -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DRC4_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DPADLOCK_ASM -DPOLY1305_ASM -DNDEBUG -Wdate-time -D_FORTIFY_SOURCE=2 OPENSSLDIR: "/usr/lib/ssl" ENGINESDIR: "/usr/lib/i386-linux-gnu/engines-1.1" Seeding source: os-specific This is debian/testing, up to date. Thanks, -- Sanjeev ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Testing NTPSec with NTS
Hi, I have been lurking and trying to set up NTS to talk to the rellim.com servers. This is a recent git head. My ntp.conf snippet: nts enable nts cert /etc/letsencrypt/live/ntpmon.dcs1.biz/fullchain.pem nts key /etc/letsencrypt/live/ntpmon.dcs1.biz/privkey.pem server pi3.rellim.com nts server kong.rellim.com nts Been runnig for a few hours now. ntpq -pn output: *SHM(1) .PPS.0 l 30 64 377 0. 0.0081 0.0096 xSHM(0) .GPS.0 l 29 64 377 0. 244.2190 12.4769 pi3.rellim.com .NTS. 16 u- 1024 0 0. 0. 0.0005 kong.rellim.com .NTS. 16 u- 1024 0 0. 0. 0.0005 And the log is here: https://pastebin.com/fM9uDwVi What am I missing? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Certificates, DNS, Hackathon
I recently switched from namecheap to Gandi, because Gandi has better DNSSec support. Namecheap will offer you a .xyz or .vip domain for under $2 for the first year, $10 renewal. Basic DNS is included by all. But if you want something better,please have a look at https://dns.he.net. HE has servers anycasting all over, and they have a clean interface, with export-in-bind-format available. And they are free. So a domain with DNS is a few dollars for the first year, and $10 renewal. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Thu, Mar 21, 2019 at 3:57 AM Hal Murray via devel wrote: > > I've been testing with self-signed certificates. It's time to shift to > real > certificates. They need a FQDN which I don't have, so it's time to get a > domain. (I want one for other reasons anyway.) Anybody have suggestions > for > vendors? Low cost is obviously good, but so is low hassle and I'd prefer > one > that is not spammer/crook friendly. A package that includes DNS servers > would > save me having to learn about that and run them. How much does that add > to > the cost? > > > It would be nice if we had a couple of systems on the net for the > hackathon > this weekend. > > I have a couple of cloud servers in the pool. All they need is > certificates. > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: NTS off the ground - time for testing
On Wed, Feb 20, 2019 at 2:04 PM Hal Murray via devel wrote: > > Testing. Get it up and running in your local environment. If you have a > real > certificate and are willing to support some testing traffic, tell me/us > the > host name and/or send us the root certificate. > I have a server running ntpsec git head, in the pool. It has a valid SSL certificate. I would like to turn on NTS, etc, and see what happens. Can I start by assuming that the documentation in the subsection "== NTS-KE Server Configuration parameters" in devel/nts.adoc is current? -- Sanjeev ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Error in parsing ntp.conf
Hi, I just noticed this, no idea when this started. Feb 12 18:29:50 ntpmon ntpd[2152]: INIT: ntpd ntpsec-1.1.3+ 2019-02-12T10:25:36Z (git rev b4f55578e): Starting Feb 12 18:29:50 ntpmon ntpd[2152]: INIT: Command line: ntpd -c /etc/ntp.conf Feb 12 18:29:50 ntpmon ntpd[2153]: INIT: precision = 0.363 usec (-21) Feb 12 18:29:50 ntpmon ntpd[2153]: INIT: successfully locked into RAM Feb 12 18:29:50 ntpmon ntpd[2153]: CONFIG: readconfig: parsing file: /etc/ntp.conf Feb 12 18:29:50 ntpmon ntpd[2153]: CONFIG: line 11 column 6 syntax error, unexpected T_String Feb 12 18:29:50 ntpmon ntpd[2153]: CONFIG: syntax error in /etc/ntp.conf line 11, column 6 My ntp.conf starts with: (and this is my first use of "pr" since 1988!) 2018-06-28 20:11 /etc/ntp.conf Page 1 1# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help 2logfile /var/www/html/ntp/ntpd.log 3logconfig =syncall +clockall +peerall +sysall 4 5statsdir /var/www/html/ntp/ 6filegen loopstats type day link 7filegen peerstats type day link 8filegen protostats type day link 9filegen rawstats type day link 10filegen sysstats type day link 11filegen cryptostats type day link 12 13 14driftfile /var/lib/ntp/ntp.drift 15 16# Enable this if you want statistics to be logged. 17 18statistics loopstats peerstats clockstats 19 20refclock shm unit 1 prefer refid PPS flag4 1 prefer 21refclock shm unit 0 refid GPS time1 0.450 flag4 1 Question: What is line 11? After stripping away blank lines and comments? In either case, I see nothing funny on a column 6 -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Do certificates for IP Addresses work?
On Sat, Feb 2, 2019 at 8:57 AM Richard Laager via devel wrote: > > About 19% of the world is doing DNSSEC validation, in large part because > apparently 15% of the world is using Google's recursive DNS service. > Actually,things are much worse. The Google resolver checks for valid DNSSEC, and sets the bit. However, practically no one contacts Google DNS directly, it is their home router or office gateway that does this. And these resolvers do not check DNSSEC. Hence the validation chain is broken. If you 1. run a resolver locally on your machine; and 2. that does no forwarding; and 3. has validation turned on DNSSEC should work. You can then set the resolver to not accept non-signed replies (and most of the Internet will break). Please see: https://dnssec.vs.uni-due.de/ and https://en.internet.nl/ And, of course, applications such as ntpd will not know if the address resolved was secured with DNSSEC or not. They will, depending on the policy of their resolver, get an answer or not. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: NTS software
Hal, debian testing has 1.67 OpenSuse Tumbleweed has 1.68 -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sun, Jan 13, 2019 at 9:00 AM Hal Murray via devel wrote: > The draft has links to two chunks of software. > https://gitlab.com/MLanger/nts/ > https://github.com/dfoxfranke/nts-hackathon > > I started with the second one. It's written in python, looks good. But > it's > client only. > > So I looked at the first one. It's c++. It needs boost 1.67. Fedora is > distributing 1.66. I poked around a bit, but not much. Boost has a tar > file > for 1.67, but I didn't see an easy way to set it up. > > It would be helpful if somebody good at this stuff can give me/us a recipe > to > build/run on Fedora or Debian. > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: ntpd: program structure
Gary, Hal, If you bump up your scale factor in the pool, traffic will ramp up slowly, over days or weeks. If you bump down, or leave, traffic will take months, or longer, to stop. On Sat, 12 Jan 2019, 4:02 am Hal Murray via devel > Gary said: > > I have a RasPi in the ntp pool. Typically around 200 kbps in and the > same > > back out. The 5 min load average is around 0.02. > > Go to your pool control page and bump up the bandwidth you are signed up > for. > It's not real bandwidth, just a scale factor. > > > Is there an easy way to get the queries per second? > > ntpq iostats > > We should probably make that smarter. > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: ntpd: program structure
On Mon, Jan 7, 2019 at 2:23 AM Achim Gratz via devel wrote: > Sanjeev Gupta via devel writes: > > root@ntpmon:~# ntpq -n -c direct -c mrulist | wc -l > > 17306 > > > > I am in the sg, in, and asia pools. v4 and v6. Server access is > available > > if you wish to poke around. > > What's the interface speed to the outside world, how much of it is used > up by NTP and what's the CPU load that can be accounted towards that > service? > Interface is 100Mbps ntpsec is the only network service on the machine. gpsd runs locally CPU load is under 3% Hardware is a dual-core Pentium 4, 2800MHz, from about 2006 Network traffic is under 100kbps PPS is about 500/s, RX is 10% more than TX Current client count is 18071 root@ntpmon:~# ntpq -n -c peers remote refid st t when poll reach delay offset jitter === *SHM(1) .PPS.0 l 39 64 377 0. -0.0006 0.0528 xSHM(0) .GPS.0 l 38 64 377 0. 48.8483 12.9107 216.239.35.0.GOOG. 1 u 28 64 377 195.7880 -0.1648 0.0204 216.239.35.12 .GOOG. 1 u 20 64 377 50.3100 -0.8755 0.2823 2.sg.pool.ntp.org .POOL. 16 p- 256 0 0. 0. 0.0005 +2407:8000:8001:80::8.MRS.1 u 23 64 377 37.6060 -0.8786 0.1608 2404:e800:3:300:218:186:3:36.INIT. 16 u- 64 0 0. 0. 0.0005 +223.255.185.2 .MRS.1 u 21 64 377 37.8041 -1.0410 0.1814 -128.252.19.1.GPS.1 u 23 64 377 233.0208 2.2710 0.0330 -128.2.1.22 128.237.148.140 2 u 11 64 377 246.0131 11.5193 0.0405 -128.86.8.123.MSF.1 u 17 64 377 255.4848 -36.0697 0.4654 131.107.13.100 .INIT. 16 u- 64 0 0. 0. 0.0005 2406:da18:abd:d701:3702:8488:136d:1a61 118.189.138.52 u 547 64 0 33.7980 -17.0944 0. -2400:8901::f03c:91ff:fef8:76c 162.213.2.2532 u3 64 377 1.6902 -1.3324 0.0659 -2400:6180:0:d0::39:7001 183.154.157.210 3 u5 64 377 2.5517 -0.7524 0.0954 -2001:19f0:4400:436d:5400:ff:fe69:ac60 10.84.87.146 2 u 13 64 377 2.1817 1.1334 0.0515 ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: ntpd: program structure
On Mon, Jan 7, 2019 at 12:57 AM Eric S. Raymond via devel wrote: > Achim Gratz via devel : > > > Anyway, I think that thinking about them as separate parts will help > our > > > discussions. > > > We should be able to improve performance on busy servers. > > > > It's been decades since I looked at an NTP server that has enough > > clients to make me wonder about performance, so I'd like to see actual > > numbers for a busy NTP pool server w/ a fast connection for a baseline. > > I concur. I would need to see actual measurements before I've convinced > that > ntpd with even a thosand client connections is a performance-degrading > load. > root@ntpmon:~# ntpq -n -c direct -c mrulist | wc -l 17306 I am in the sg, in, and asia pools. v4 and v6. Server access is available if you wish to poke around. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Out of date chunks in documentation
On Tue, Dec 25, 2018 at 3:32 AM Hal Murray via devel wrote: > The usual solution to the maintain 2 places problem is to write a program > to > translate one format into the other. Then we have to maintain that > program. :) > Which program? The C or the Python? Double :-) -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Warnings from asciidoc
Apologies. I meant that the current continuous integration is being tested only on Alpine, hence a breakage on Fedora may not be caught automatically. I build, with all reflcocks and docs, on Debian testing and Ubuntu dev weekly, no problems here. On Sun, 2 Dec 2018, 9:46 pm Hal Murray via devel > Sanjeev Gupta said: > > If I am reading the ci.yaml file right,the docs are being built only on > an > > Alpine image,not on Fedora, etc. > > That seems unlikely. I'd expect our doc to build on any system that > supports > asciidoc. Maybe not on an old version of asciidoc: configure checks for > asciidoc version >= 8.6.0 > > You do have to configure with --enable-doc. > > For me, I get the warnings on Fedora but not on Debian. > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Warnings from asciidoc
Gary, Hal, If I am reading the ci.yaml file right,the docs are being built only on an Alpine image,not on Fedora, etc. Matt is maintaining this file, I think -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Dec 1, 2018 at 6:17 AM Gary E. Miller via devel wrote: > Yo Hal! > > On Fri, 30 Nov 2018 13:52:49 -0800 > Hal Murray wrote: > > > > I also have asciidoc 8.6.10, but I see no such thing. I don't even > > > see the "Compiling docs/ntpd.txt". What is your command line to > > > get there, from a clean git clone. > > > > The default is to not build documentation. Add --enable-doc > > Thanks. Now I am building the docs. No warnings for me: > > [ 51/167] Compiling docs/ntp_keys.txt > [ 52/167] Compiling docs/ntpd.txt > [ 53/167] Compiling docs/ntpdig.txt > > # asciidoc --version > asciidoc 8.6.10 > > asciidoc calls a large toolchain. Maybe another component differs between > us? > > Here are 3 important prerequisites: > > app-text/docbook-xml-dtd-4.5-r1 > app-text/docbook-xsl-stylesheets-1.79.1-r2 > dev-libs/libxslt-1.1.32 > > RGDS > GARY > --- > Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 > g...@rellim.com Tel:+1 541 382 8588 > > Veritas liberabit vos. -- Quid est veritas? > "If you can’t measure it, you can’t improve it." - Lord Kelvin > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: NIST unit rules and conventions
On Sat, Sep 22, 2018 at 12:54 AM Paul Theodoropoulos
wrote:
> On 9/21/2018 1:07 AM, Sanjeev Gupta wrote:
>
> My concern is that the space between "25" and "kg" should be
> non-breaking. Else, readability suffers badly. How do you do this in
> asciidoc?
>
>
> By non-breakingI assume you mean some way to ensure that the value
> doesn't get separated from the unit on a line-break during conversion? I
> hadn't even thought of that.
>
Yes, having a sentence ...
The change in the value of the residual, after 2 hours or 35 iterations,
should not exceed 23
ppm is a requirement of various standards, among which are NIST 543:62 and
FIPS
180 published in 2017.
... is slightly confusing wih the line breaks as above.
> A quick search yielded this -
> https://www.methods.co.nz/asciidoc/faq.html#_how_can_i_include_non_breaking_space_characters
>
> Use the non-breaking space character entity reference (see the
> next question). You could also use the predefined {nbsp} attribute
> reference.
>
> The problem them is that although the HTML (and PDF) document would be
great, the text file would be unreadable.This destroys the reason to use
asciidoc.
> But then - would that imply that the non-breaking space would have to be
> inserted at nearly all value/unit entries, since we can't know for sure
> where asciidoc may wind up doing a line break? I guess it could be
> case-by-case, if a test conversion has it happen, insert one there.
>
... but you do not know how wide my terminal is when I display the text ...
--
Sanjeev Gupta
+65 98551208 http://www.linkedin.com/in/ghane
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
Re: NIST unit rules and conventions
Paul, Personally, I find 25kg, 50ppm, 3m, more readable; but that is neither here nor there. My concern is that the space between "25" and "kg" should be non-breaking. Else, readability suffers badly. How do you do this in asciidoc? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Thu, Sep 20, 2018 at 3:56 AM Paul Theodoropoulos via devel < devel@ntpsec.org> wrote: > NIST has a page of guidelines for formatting units in documents - > > https://physics.nist.gov/cuu/Units/checklist.html > > I am conforming unit presentation within the various documents I'm editing > to use the guidelines, mostly #15: > > There is a space between the numerical value and unit symbol, even when > the value is used in an adjectival sense, except in the case of superscript > units for plane angle. > > proper: a 25 kg sphere > an angle of 2° 3' 4" > If the spelled-out name of a unit is used, the normal rules of > English apply: "a roll of 35-millimeter film." > > improper: a 25-kg sphere > an angle of 2 ° 3 ' 4 " > > So for example, where there are instances of 50ppm, 8-ms, I'm updating > them to 50 ppm, 8 ms. > > Uniformity of presentation seems like a desireable goal - are there any > objections to following these particular guidelines? > > There's a handful of other conventions codified that may turn up needing > conformance, which I'll also conform where I find them - where reasonable. > > -- > Paul Theodoropouloswww.anastrophe.com > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
On the perils of PYTHONPATH
https://xkcd.com/1987/ Enough said? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: 1.0.1 and ntpsnmpd
Jason, yes, that is the result of the bounty offer. I have not had a chance to play with it, but the offer included a requirement to upstream into cacti and provide a working example. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Fri, Mar 16, 2018 at 3:35 AM, Jason Azze via devel <devel@ntpsec.org> wrote: > On Fri, Mar 2, 2018 at 12:17 AM, Sanjeev Gupta <gha...@gmail.com> wrote: > >> Please see >> >> https://github.com/netniV/cacti-templates/tree/master/NTP >> > > Sanjeev, was this template created in response to your bounty? I finally > worked through getting ntpsnmpd up and talking to AgentX on my test > machine, but all of my Cacti graphs from netniV's template come up NaN. > > Ian, could you recommend an snmpwalk command or something similar that > will help answer the question: "How do I know I've got ntpsnmpd working?" > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: 1.0.1 and ntpsnmpd
Please see https://github.com/netniV/cacti-templates/tree/master/NTP On 27 Feb 2018 7:45 pm, "Sanjeev Gupta" <gha...@gmail.com> wrote: Apologies. I checked an hour ago, and the guy who assured me that we were using 'native' SNMP has come back saying he setup the cacti script that talks over ntpq I have posted a bounty offer on the cacti forum. Apologies for raising hopes. On 27 Feb 2018 7:40 pm, "Jason Azze via devel" <devel@ntpsec.org> wrote: > On Mon, Feb 26, 2018 at 7:18 PM, Richard Laager via devel > <devel@ntpsec.org> wrote: > > On 02/26/2018 06:16 PM, Sanjeev Gupta wrote: > >> Richard, I am using cacti. > > > > That's what I was hoping to hear, since I also run Cacti. Are you > > willing to share your templates? > > I'm also a Cacti user, though it has been years since I logged on to > the Cacti forums to search for a template. If you have one that works, > Sanjeev, I'd also like to get in on the action. > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: 1.0.1 and ntpsnmpd
Apologies. I checked an hour ago, and the guy who assured me that we were using 'native' SNMP has come back saying he setup the cacti script that talks over ntpq I have posted a bounty offer on the cacti forum. Apologies for raising hopes. On 27 Feb 2018 7:40 pm, "Jason Azze via devel" <devel@ntpsec.org> wrote: > On Mon, Feb 26, 2018 at 7:18 PM, Richard Laager via devel > <devel@ntpsec.org> wrote: > > On 02/26/2018 06:16 PM, Sanjeev Gupta wrote: > >> Richard, I am using cacti. > > > > That's what I was hoping to hear, since I also run Cacti. Are you > > willing to share your templates? > > I'm also a Cacti user, though it has been years since I logged on to > the Cacti forums to search for a template. If you have one that works, > Sanjeev, I'd also like to get in on the action. > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: 1.0.1 and ntpsnmpd
> Related to point 2; do you have rough numbers of how long / many instances of this have been running? A few weeks now on at least one. You may recall I had a bug report about IPv6 addresses. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Tue, Feb 27, 2018 at 2:08 PM, Ian Bruene via devel <devel@ntpsec.org> wrote: > > > On 02/26/2018 06:13 PM, Sanjeev Gupta via devel wrote: > > Hi, > > For what it is worth, I am running the ntpsnmpd code on a number of debian > and ubuntu machines for some time, including one with an actual GPS. No > issues so far. > > I just like to see graphs. > > > Hooray! Someone is using the code! > > 1. This means it is useful. > > 2. This gives some confirmation of stability. > > Related to point 2; do you have rough numbers of how long / many instances > of this have been running? > > -- > *"In the end; what separates a Man, from a Slave? Money? Power? No. A Man > Chooses, a Slave Obeys."* -- Andrew Ryan > > *"Utopia cannot precede the Utopian. It will exist the moment we are fit > to occupy it."* -- Sophia Lamb > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: 1.0.1 and ntpsnmpd
(apologies for the top posts) Richard, I am using cacti. Have been planning to add it to observium as well, will try tonight. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Tue, Feb 27, 2018 at 8:14 AM, Richard Laager <rlaa...@wiktel.com> wrote: > On 02/26/2018 06:13 PM, Sanjeev Gupta wrote: > > For what it is worth, I am running the ntpsnmpd code on a number of > > debian and ubuntu machines for some time, including one with an actual > > GPS. No issues so far. > > > > I just like to see graphs. > > What are you using to graph the NTP SNMP data? > > -- > Richard > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: 1.0.1 and ntpsnmpd
Hi, For what it is worth, I am running the ntpsnmpd code on a number of debian and ubuntu machines for some time, including one with an actual GPS. No issues so far. I just like to see graphs. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Tue, Feb 27, 2018 at 8:09 AM, Richard Laager via devel <devel@ntpsec.org> wrote: > On 02/26/2018 09:50 AM, Mark Atwood via devel wrote: > > Does the Debian packaging have it be it's own package? > > It's unclear to me what exactly you're asking, so I'll give various > information which may help: > > No NTPsec ntpsnmpd has shipped in a released version, so the Debian > package doesn't do anything with it currently, because it doesn't exist. > > The ntp package (NTP Classic) does not ship any ntpsnmpd. It explicitly > configures with --without-ntpsnmpd. It does ship a documentation file > for it, presumably for lack of special-casing that. > > If ntpsnmpd is experimental and there is no precedent from NTP Classic, > my first inclination is to not bother shipping it at all, for now. That > just punts the problem to the future, though, when it's not marked > experimental. > > From the "d" at the end of the name, I assume ntpsnmpd has to run as a > daemon, as opposed to being invoked as a script by snmpd. Off the top of > my head, I'd probably ship it in a separate package. I assume most > people using ntpd will not want ntpsnmpd. > > If that's the route I plan to go, then I'll probably do it sooner, > rather than later, as adding new binary package names requires extra > review (which can take a long time). That way, we start the clock on > ntpsec-snmp (or whatever) while it is still experimental. > > -- > Richard > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Name clash
> That works only because we install in /usr/local/ while the system version of > ntp classic gets installed in /usr/ What's going to happen if a distro > packages up our stuff and somebody wants to install both our code and ntp > classic? For a distro, like Debian, the new package would be called "ntpsec", and marked as conflicting with ntp. So installing ntpsec would remove ntp. Namespace clashes would not occur. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Sat, Feb 17, 2018 at 6:08 AM, Hal Murray via devel <devel@ntpsec.org> wrote: > > We have ntpd and ntpq that replace the programs with the same names from > ntp > classic. > > For testing, we install in /usr/local/ so we don't conflict with a system > version of ntp classic. If you hack your search path, you get our code > rather than the system programs with the same names. > > That works only because we install in /usr/local/ while the system version > of > ntp classic gets installed in /usr/ What's going to happen if a distro > packages up our stuff and somebody wants to install both our code and ntp > classic? > > How do other projects with similar name clashes handle things? > > Are we setting ourselves up for problems tomorrow by hijacking the names to > make things convenient today? > > There are similar problems with man pages. Probably others that I can't > think of right now. > > > -- > These are my opinions. I hate spam. > > > > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: rasPi Stretch Lite install notes
> - sudo apt-get update && sudo apt-get -us dist-upgrade && sudo
apt-get -u dist-upgrade && sudo apt-get autoremove
I find
apt-get --purge autoremove
better, as it removes any config files as well, reducing surprises when you
next re-install a package.
--
Sanjeev Gupta
+65 98551208 http://www.linkedin.com/in/ghane
On Sun, Jan 7, 2018 at 9:38 PM, Achim Gratz via devel <devel@ntpsec.org>
wrote:
>
> I've been postponing the upgrade of the rasPi 1B+ to Stretch for a
> while… well, the three year old SD card gave up the ghost while I was
> away over the holidays, so that has been forced on me to do yesterday.
> After a few days of trying I could actually dump an image of the card so
> I have salvaged the logs up until the filesystem went read-only and I
> only lost about a week of data (the ntpd itself was still operational).
>
> Here are the notes from my install in the hope it may help somebody on
> their next installation:
>
> --8<---cut here---start->8---
> *** Raspbian Stretch Lite install
> Modify SD card image
> - cd /mnt/root # root partion
>+ vi etc/shadow # change password hash (copy from other machine
> or use passwd -R /mnt/root pi)
>+ vi etc/hostname # change hostname
>+ vi etc/hosts# change hostname
> - cd /mnt/boot
>+ touch ssh # enable ssh
>+ vi cmdline.txt # remove serial console
>+ vi config.txt # add gpio-pps overlay
> Post Initial Boot
> - uname -a # Linux raspberrypi1 4.9.59+ #1047 Sun Oct 29 11:47:10 GMT
> 2017 armv6l GNU/Linux
> - sudo apt-get update && sudo apt-get -us dist-upgrade && sudo
> apt-get -u dist-upgrade && sudo apt-get autoremove
> - sudo dpkg-reconfigure tzdata locales # set up TZ and locale
> information, ensure availability of at least one UTF-8 locale
> - echo LC_MESSAGES=POSIX | sudo tee -a /etc/default/locale
> - sudo apt-get install ntp emacs cpufrequtils pps-tools setserial
> miniterm picocom python-serial rsync git
> - systemctl stop systemd-timesyncd && systemctl disable
> systemd-timesyncd # stop and disable timesyncd (SNTP client)
> - sudo apt-mark hold ntp # install ntpsec over existing scaffolding
> - sudo reboot
> NTPsec development
> - git clone https://gitlab.com/NTPsec/ntpsec.git
> - sudo ./buildprep --doc --ntpviz # this pulls in way too many
> packages…
> - ./waf configure --refclock=nmea,pps,local,generic,shm
> --prefix=/usr --enable-early-droproot
> - sudo vi /etc/udev/rules.d/{77-dcf77,66-ublox6,88-ublox8,99-
> navspark}.rules
> - sudo udevadm trigger
> - sudo vi /etc/cron.daily/ntp # increase retention period
> - sudo vi /etc/ntp.conf
> - echo "1 SHA1" $(base64 /dev/urandom | tr -d '+/=' | head -c 20) |
> sudo tee /etc/ntp.keys && sudo chmod 600 /etc/ntp.keys
> - sudo rm /var/run/ntp.conf.dhcp /etc/dhcp/dhclient-exit-hooks.d/ntp
> - sudo mkdir -p /var/log/ntpstat && sudo chown ntp.ntp
> /var/log/ntpstat
> - rm wafhelpers/.autorevision-cache ; ./waf build && sudo ./waf
> install && sudo systemctl restart ntp && watch -n 5 'ntpq -W92 -c rv -c
> peers -c "cv &1" -c "cv &2"'
> --8<---cut here---end--->8---
>
>
> Regards,
> Achim.
> --
> +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+
>
> SD adaptation for Waldorf microQ V2.22R2:
> http://Synth.Stromeko.net/Downloads.html#WaldorfSDada
>
> ___
> devel mailing list
> devel@ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
___
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
Re: Bite of the Buildbugs!
> 2. Provide tools, options and support, for binary downstreams (Debian,
> Mint, etc.), to repackage ntpsec components as binaries, integrated with
> their install tools.
As a start, as Richard has already done the work of packaging ntpsec for
Debian, perhaps we could include his "patches" in HEAD? Then I can try
them out regularly on Ubuntu and Debian variants I run, and file
appropriate reports.
Thanks,
--
Sanjeev Gupta
+65 98551208 http://www.linkedin.com/in/ghane
On Tue, Dec 12, 2017 at 9:45 AM, Gary E. Miller via devel <devel@ntpsec.org>
wrote:
> Yo Ian!
>
> On Sun, 10 Dec 2017 16:26:01 -0600
> Ian Bruene via devel <devel@ntpsec.org> wrote:
>
> > On 12/10/2017 10:52 AM, Eric S. Raymond wrote:
> > > Ugly, but simple. I'd like to hear counterargument from Gary and
> > > Fred before we make a final decision. Keep it succint, guys.
> >
> > Agreed. My main concern is that trying to be clever here has many
> > ways to go wrong, and few ways to detect them before it gets to users.
>
> Sorry to be late responding, been recovering from a lung crud going around
> my area locally...
>
> > > Do you understand the problem well enough that you could specify an
> > > upstream fix?
> >
> > I'm not yet certain whether python or the distributions have
> > jurisdiction here. Earlier comments from rlaager suggest that it is
> > the distributions. Working on getting an error specification...
>
> Unless, and until, we get ntpsec has a pip package, the python dwnstream
> rules do not apply. Since the core of ntpsec is, currently, C, putting
> ntpsec in pip would be a mistake, probably not even possible.
>
> As for the distributions, nothing ntpsec can do has any force on
> downstream. Sure, we can make things easier, or harder, for them, but
> they are free to, and do, patch however they feel like.
>
> IMHO, our packaging responsibilities, and priorities, would be in
> roughtly in order from most to least important.
>
> 1. Maintain a master git head that is easy for anyone to install
> directly from our git or tarball.
>
> 2. Provide tools, options and support, for binary downstreams (Debian,
> Mint, etc.), to repackage ntpsec components as binaries, integrated with
> their install tools.
>
> 3. Provide tools, options and support for source downstreams (Gentoo, etc.)
> to create install scripts.
>
> Clearly we control #1. Clearly binary distros retain control over #2.
> Similarly source distros over #3.
>
> For #2 and #3, all we can do is be helpful and responsive to heir
> wishes
>
> Each of these three targets needs to be respectful of the other. Being
> respectful means each installs into the users systems in their own
> reserved spots, separate from the other's reserved spots.
>
> One way we help that is to offer a rich variety of install options that
> aallow binary and srouce distributions to use our software to install
>
> The differenecs are small, but important, and kinda laid out in the FHS.
>
> Installs from git go into /usr/local/. That keeps us from stepping on
> the distro version of netsec.
>
> Binary distro installs, unexpectedly to some, go into a temporary
> location (/var/tmp/XX?). Then it is up to the binary packager to
> put the binaries, man pages, config files, etc., into a distro
> standard package (.deb, .run, .zip, etc.). Then, later, up to the package
> installer to put the binaries in the proper place on the user's disk.
> Usually /usr/{bin,sbin,lib, etc.}.
>
> Source distro installs will be similar to git installs, except they'll
> apply some patches, build the binaries, and install in the /usr tree
> similar to a binary distro.
>
> It is right and proper for binary and source distros to, by default,
> install ntpsec in primary positions, and do what is necessary to make
> ntpsec ready to run. With minimal, or no, further configuration.
>
> IMHO, it is not right, for a git install to do so. For many reasons.
> We do not want to step on distro installed packages. The user maybe
> just building the binaries for private testing, or installing on a
> system not the current one. Since we can not read their minds, we
> give them lots of tools (--prefix, --exec-prefix, etc.) to easily do
> what they want/need to do.
>
> Not just my opinion, but a fundamental part of the philosophy of the FHS.
>
> For new, we can stick to our part, direct git installs, and otherwise
> wait for distro input on what the want from us.
>
> Which, finally, brings us to what we need to do to help ourselves
> and our git users, to install and use our package.
>
> Our part then splits into 2 nice tasks. First, we give the user the
> tools
Re: Upcoming feature freeze
Hi, I would dearly love to see #204 (/etc/ntp.d) be included in 1.0. As a SysAdm, I typically read the new features list rarely. If it does not land in 1.0 (and pacakge managers and I do not start using it then), it may never get used. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane On Wed, Aug 23, 2017 at 10:07 PM, Eric S. Raymond via devel < devel@ntpsec.org> wrote: > Our planned ship date for 1.0 is 28 September. > > We'll feature-freeze sooner than that - not sure when yet but > somewhere in the ballpark of 7-14 September seems likely. > > We're down to 7 issues on the tracker. Feature freeze has > implications for the two that are RFEs, and for one other. > Here they are: > > #251: Add fudge option to server config > > If this is going to happen in 1.0. somebody needs to land a patch > before feature freeze. That someone should be equipped to test the > patch - e.g. not me, as I don't have significant asymmetric delay > to contend with. > > If someone steps up, though, I will write the scanner/parser end to > get that offset number into the peer structure. It's not reasonable > to expect anyone else but me to grapple with *that* part of the code. > > Remember, documentation patches *are* required when you add a feature > > As this would be a pure feature addition, there's no issue with > allowing it to wait until 1.1. > > #204: Support /etc/ntp.d > > This feature is working, and documented - has been for more than 6 > months. For pretty obvious reasons, we should not go breaking > backward compatibility after 1.0. > > That means the window during which we can change the behavior is > getting pretty short. Anybody who wants this has two to three > weeks, at the outside, to make the argument and ship the code. > > When I say "make the argument" I mean that I want to see a concrete > design and an explanation of why it solves all the problems this one > does, and one or more additional ones. Merely not liking it the way > it is insufficient. > > #55: ntpd refclock GPSD_JSON just stops working. > > I am unhappy with this driver. I believe - as this bug demonstrates - > that it's too crappy to ship if we want to establish and maintain a > reputation for trouble-free operation. > > It's an unusual case - the feature that brings it closest to working > right is marked experimental, and it's redundant with the SHM driver > because GPSD feeds the SHM driver quite happily. In fact, the JSON > parsing overhead means the latency and jitter of this driver is > necessarily inferior to delivery via SHM. > > Thus, I think the best thing to do about it would be do simply delete it > and shed the defect exposure, redirecting users to GPSD+SHM. And > if that going to happen, it needs to happen *now* - that is, before > 1.0 implies a promise that it will be stable and maintained. > > If any of you have an interest in saving this driver, step up now > and fix it. > -- > http://www.catb.org/~esr/;>Eric S. Raymond > > "As to the species of exercise, I advise the gun. While this gives [only] > moderate exercise to the body, it gives boldness, enterprise, and > independence > to the mind. Games played with the ball and others of that nature, are too > violent for the body and stamp no character on the mind. Let your gun, > therefore, be the constant companion to your walks." > -- Thomas Jefferson, writing to his teenaged nephew. > ___ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel > ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: ✘HPUX ??
On Thu, Jun 8, 2017 at 7:11 AM, Gary E. Miller via devel <devel@ntpsec.org> wrote: > > Sanjeev, keep those servers mothballed, unless you have a personal > > itch make hpux work. > > Oh, I hope not... Give them to a museum, if they'll take them... Gary, the critical word there is "if". How do you think I landed up with them? Thought they were really cool and should not be discarded, broke my back trying to pick them up. :-) -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: NTPsec on MIPSbe
On Wed, May 24, 2017 at 3:23 AM, Matthew Selsky via devel <devel@ntpsec.org> wrote: > > Sanjeev/Hal, > > Did waf's endian-ness test not detect this properly? It worked perfectly, no manual intervention or extra parameters required. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
NTPsec on MIPSbe
After a fruitless two months trying to find a big endian machine, I finally booted a qemu instance. Running Debian 7, 256M RAM, 32 bit. gcc 4.6, kernel 3.2 buildprep fails because Debian 7 did not have libseccomp. I installed python-dev, bison, and build-essential manually. waf configured, built, passed checks, and installed. Running now for 12 hours Will upgrade to Debian 8.8 now. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: DEBUG in ntpsec
On Fri, Apr 14, 2017 at 6:27 PM, Hal Murray <hmur...@megapathdsl.net> wrote: > > We should probably measure the size difference and/or run time differences. > The latter will take something like a busy pool server. I have one, ntpmon.dcs1.biz , in a very busy pool, IPv6, ntpsec git head, with gpsd git head. Debian testing head, too :-) Let me know who needs access. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Current HEAD is broken
On Wed, Apr 5, 2017 at 4:47 PM, Hal Murray <hmur...@megapathdsl.net> wrote: > > Is there a web page that describes buildbot? If not, I'll make it if you > feed me the info. And shift buildbot web master to the new server :-) -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
A talk on NTPsec
Hi, FossAsia is a large(ish) hacker conference in Singapore, now 4 or 5 years old. I thought of a short talk on NTPsec. The blurb (which is not possible in the 25mins allocated) is here: http://2017.fossasia.org/tracks.html#2017-03-19-Security%20and%20Privacy (search for Sanjeev) It is setup just before lunch, I plan to actually use a RPi and a GPS puck to build and run NTPsec. Any pointers for the talk? Average audience is 25-35 year olds, from S E Asia. Susan, do you have a slide deck I could "be inspired by"? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: lfpinit() signed or unsigned?
On Sun, Mar 12, 2017 at 2:19 AM, Gary E. Miller <g...@rellim.com> wrote: > On my long term todo list to get more buildbots up. Hey, what happened to the plan to shift to the VM I set up? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Repository downtime scheduled from 1500 to 1600 today
On Tue, Mar 7, 2017 at 9:30 AM, Hal Murray <hmur...@megapathdsl.net> wrote: > > What do the Linux geeks do to fix their typos? They must get one > occasionally? "Never breaking userspace" means typos must be preserved :-) -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Timekeeping oddities on MacMini G4s
On Fri, Feb 10, 2017 at 10:51 AM, Gary E. Miller <g...@rellim.com> wrote: > Ranges: > 90% 0.027 ppm > 95% 0.036 ppm > StdDev 0.009 ppm > Mean-4.377 ppm > > Notice the Standard Deviation: 9 ppb! > Stop showing off, Sir!!! One more, just one more, graph, and I will resign my time-nuts membership. :-) -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Testing unusual build options
On Fri, Feb 3, 2017 at 5:12 AM, Gary E. Miller <g...@rellim.com> wrote: > I would want my installedcode to match my installed doc. If you are editing only the docs (as I do), you may wish to rebuild the docs after every commit to check. Since waf is so fast, I just do a ./waf build anyway, so this is academic for me. -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Timings for random
On Mon, Jan 30, 2017 at 9:15 AM, Hal Murray <hmur...@megapathdsl.net> wrote: > How can I be sure that it has "been seeded with enough"? Why would OpenSSL lie? :-) -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Big endian success
On Wed, Jan 25, 2017 at 3:52 AM, Gary E. Miller <g...@rellim.com> wrote: > > > > > I have been asking OSUOSL for more horsepower. > > > > I can provide a more "hefty" box. 4GB RAM, 4-core VM? Or more? > > I would need ssh access, install buildbot and run a web server on it. On its way to you. Debian or Ubuntu server or Centos? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
Re: Big endian success
On Mon, Jan 23, 2017 at 11:26 AM, Hal Murray <hmur...@megapathdsl.net> wrote: > I don't know anything about the build farm. Something used to send me > email > when I pushed changes, but that went silent a long time ago. What is the > current status? Is there a web page describing it? > There is a https://buildbot.ntpsec.org/ , but that needs authentication. Why does it need authentication? -- Sanjeev Gupta +65 98551208 http://www.linkedin.com/in/ghane ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
