Mailing list administration UI [was: Re: [questions] Windows port pool IPv6 misbehavior]

[Marco Marongiu]

Hello there

Would it be possible to restore some administration web UI for this 
mailing list, so that I can take care of fixing cases like these, where 
customer center addresses are registered as users and we get all sorts 
of  in the list?


Also, I wonder why it's happening. I have been into many mailing lists 
and this is the only one where "rogue" list members pop up more or less 
regularly...


Ciao
-- bronto



On 24/05/2023 16:13, Greystar wrote:



*Hi, *

Thanks for reaching out.

If it were up to us, we’d solve all your problems, but renter’s 
insurance is what we do best. For everything else, we suggest you 
contact your leasing professional or property management company.


Feel free send us your questions by responding to this email. You can 
also give us a call using the toll-free number below, Monday through 
Friday, 8 a.m-8 p.m. EST.

Assurant Insurance Service Center
/On behalf of Greystar/
Phone *1.800.249.1104*
Email greys...@assurant.com

Need a faster response? Chat with us 8AM – 5PM Monday – Friday at 
https://resident.assurant.com/poi/confirmation 
. You will need the 
three letter Client ID and resident ID listed in the subject line above.


You can also self-service your Assurant policy by visiting 
www.MyAssurantPolicy.com .

--- Original Message ---
*From:* Dave Hart ;
*Received:* Sun May 21 2023 23:50:10 GMT-0400 (Eastern Daylight Time)
*To:* questions@lists.ntp.org;
*Subject:* [questions] Fwd: Windows port pool IPv6 misbehavior

I recently visited a relative who, unlike myself, has IPv6 service 
from her ISP.  I noticed ntpd on my Windows laptop configured with:


pool 2.pool.ntp.org 



was not soliciting any IPv6 pool servers.  For those unfamiliar, the 
2.*.pool.ntp.org 
 
names are the only ones which return IPv6 addresses

as well as IPv4.
This appears to be a bug in Windows 11 resolving hostnames to IP 
addresses.


I would love to hear from others if they are seeing similar behavior 
on Windows ntpd with a similar pool configuration.  I'm using Windows
11 22H2 (22621.702) x64.  I'm particularly curious to hear from those 
using other Windows versions so I can note in my bug report which

versions have broken getaddrinfo().
Incidentally there is a workaround available.  You can use something 
like the following:
pool pool.ntp.org 

pool -6 2.pool.ntp.org 



The first pool prototype association will pick up IPv4 addresses, 
while the second one will get IPv6 addresses.

Thanks for your time and assistance.

Cheers,
Dave Hart

This e-mail message and all attachments transmitted with it may 
contain legally privileged and/or confidential information intended 
solely for the use of the addressee(s). If the reader of this message 
is not the intended recipient, you are hereby notified that any 
reading, dissemination, distribution, copying, forwarding or other use 
of this message or its attachments is strictly prohibited. If you have 
received this message in error, please notify the sender immediately 
and delete this message and all copies and backups thereof. Thank you.

Re: [questions] Re: [ntp:questions] ntp pool servers disappear

[Marco Marongiu]

This is what I got:

[image: image.png]

Il giorno mer 27 apr 2022 alle ore 00:30 Steve 'Hollywood' Sobol - NTF <
sjso...@nwtime.org> ha scritto:

>
> On 4/26/2022 13:48, Steve 'Hollywood' Sobol - NTF wrote:
> >
> > On 4/26/2022 1:10, Opty wrote:
> >> Now that the mailing list seems to work again: Still restricted. :-)
> >
> > Opty,
> >
> > Let me work on this...
> >
> > I'll be your point of contact. I'll report back here as soon as I have
> > an update.
>
>
> Please try registering again.
>
>

[questions] Re: [ntp:questions] Automatic replies

[Marco Marongiu]

After receiving a bunch of auto replies, I think I have a hunch on what's
happening: the mailing list manager software is being replaced and the
subscribers' list was copied over, but the nomail setting for some
addresses was disregarded and all those addresses have reverted to normal
users again. Hence the problem.

It's a shot in the dark, but highly plausible.

Ciao
-- bronto


On Tue, 26 Apr 2022, 12:27 Marco Marongiu,  wrote:

> Yep. But this time I'm left without an administrative UI, and I'm afraid
> there is little I can do without it.
>
> But I seem to understand that there may be something happening behind the
> scenes, considering how many are complaining about missing headers. I'll
> just wait for an announcement in that respect and see.
>
> Ciao!
> -- bronto
>
>
> On Tue, 26 Apr 2022, 10:44 Opty,  wrote:
>
>> Unfortunately, they returned. :-(
>>
>> Regards,
>> Opty
>>
>> On Tue, Jun 1, 2021 at 6:03 PM Opty  wrote:
>> > Seems unnecessary as I haven't received any automatic reply to my last
>> > message yet. Excellent work! \o/
>>
>

[questions] Re: [ntp:questions] Automatic replies

[Marco Marongiu]

Yep. But this time I'm left without an administrative UI, and I'm afraid
there is little I can do without it.

But I seem to understand that there may be something happening behind the
scenes, considering how many are complaining about missing headers. I'll
just wait for an announcement in that respect and see.

Ciao!
-- bronto


On Tue, 26 Apr 2022, 10:44 Opty,  wrote:

> Unfortunately, they returned. :-(
>
> Regards,
> Opty
>
> On Tue, Jun 1, 2021 at 6:03 PM Opty  wrote:
> > Seems unnecessary as I haven't received any automatic reply to my last
> > message yet. Excellent work! \o/
>

Re: [ntp:questions] ntp pool servers disappear - more data

[Marco Marongiu]

Jim, can you please subscribe to the mailing list, so that I don't have to
approve manually every single post you send?

Thanks in advance

Ciao
-- bronto


Il giorno ven 25 giu 2021 alle ore 08:58 Jim Pennino 
ha scritto:

> William Unruh  wrote:
>
> 
>
> > I suspect it is the number of times that ntpd tries to contact the
> > server and fails rather than the time that is important. You could try
> > putting the server offline and then online again (I use chrony so do not
> > remember if ntpd has that option).
>
> No, it doesn't.
>
> ___
> questions mailing list
> questions@lists.ntp.org
> http://lists.ntp.org/listinfo/questions
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Automatic replies

[Marco Marongiu]

Hi again, Opty and all

I think I found the user. They are now set to nomail. We'll see if it helps.

Ciao
-- bronto


Il giorno mar 1 giu 2021 alle ore 18:45 Marco Marongiu <
brontoli...@gmail.com> ha scritto:

> Hi Opty, all
>
> Il giorno mar 1 giu 2021 alle ore 10:26 Opty  ha
> scritto:
>
>> would e-mail headers help?
>>
>>
> I checked those, but nothing there matches what I could get off the
> members list. I *think* that it may be easier to see it from the mail
> server logs, but I haven't access to those.
>
> Let me check if I manage to get a grab on a powerful admin :)
>
> Ciao
> -- bronto
>
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Automatic replies

[Marco Marongiu]

Hi Opty, all

Il giorno mar 1 giu 2021 alle ore 10:26 Opty  ha scritto:

> would e-mail headers help?
>
>
I checked those, but nothing there matches what I could get off the members
list. I *think* that it may be easier to see it from the mail server logs,
but I haven't access to those.

Let me check if I manage to get a grab on a powerful admin :)

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Automatic replies

[Marco Marongiu]

Hello Opty

Unfortunately that address is not subscribed to the list. It's being routed
through some other address that is not easy to identify. I can try and find
out by using bruteforce, but I hope that someone else in the admin team can
come up with a better idea...

Ciao
-- bronto


Il giorno mer 26 mag 2021 alle ore 15:41 Opty  ha scritto:

> Hello,
>
> it started to happen when I sent my first message to the mailing list
> on Apr 14. Most probably not always the same set of addresses, though.
>
> I didn't mention i...@bingocabin.com as it seemed unrelated but that
> changed. Can you consider it too?
>
> Thanks for the maintenance!
>
> Regards,
> Opty
>
> On Tue, May 25, 2021 at 10:20 PM Marco Marongiu 
> wrote:
> > Hello again
> >
> > So FYI I have set the following two addresses to nomail:
> >
> > kundserv...@axofinans.se aka Ronald Jones (reported by opty)
> > 3042908...@email.uscc.net aka Gerald Gonzales (bouncing)
> >
> > I'm considering removing from the list all the addresses that are
> administratively set in nomail, especially if they keep bouncing. We'll see
> how they behave now.
> >
> > Il giorno mar 25 mag 2021 alle ore 22:13 Marco Marongiu <
> brontoli...@gmail.com> ha scritto:
> >> Hi
> >>
> >> We have recently set most of those addresses as "nomail" in mailman:
> they are technically subscribed to the mailing list, but they don't get any
> mail -- or are not supposed to. Has that happened recently that you got an
> automatic reply from those?
> >>
> >> The only one that I don't remember to have "banned" is the axofinans
> one, will check and fix in case.
> >>
> >> Il giorno mar 25 mag 2021 alle ore 22:10 Opty  ha
> scritto:
> >>> Hello,
> >>>
> >>> when you send a message to the mailing list, do you get an automatic
> >>> reply from at least following addresses?
> >>>
> >>> messagebou...@indeed.com
> >>> kundserv...@axofinans.se
> >>> db.nore...@db.com
> >>> servi...@clientele.co.za
> >>>
> >>> It seems that some subscribers' software uses "From" instead of
> >>> "Return-Path" (see
> >>> https://en.wikipedia.org/wiki/Bounce_message#Terminology) or gets
> >>> confused by the mailing list.
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Automatic replies

[Marco Marongiu]

Hello again

So FYI I have set the following two addresses to nomail:

kundserv...@axofinans.se aka Ronald Jones (reported by opty)
3042908...@email.uscc.net aka Gerald Gonzales (bouncing)

I'm considering removing from the list all the addresses that are
administratively set in nomail, especially if they keep bouncing. We'll see
how they behave now.

Ciao
-- bronto



Il giorno mar 25 mag 2021 alle ore 22:13 Marco Marongiu <
brontoli...@gmail.com> ha scritto:

> Hi
>
> We have recently set most of those addresses as "nomail" in mailman: they
> are technically subscribed to the mailing list, but they don't get any mail
> -- or are not supposed to. Has that happened recently that you got an
> automatic reply from those?
>
> The only one that I don't remember to have "banned" is the axofinans one,
> will check and fix in case.
>
> Ciao
> -- bronto
>
>
> Il giorno mar 25 mag 2021 alle ore 22:10 Opty  ha
> scritto:
>
>> Hello,
>>
>> when you send a message to the mailing list, do you get an automatic
>> reply from at least following addresses?
>>
>> messagebou...@indeed.com
>> kundserv...@axofinans.se
>> db.nore...@db.com
>> servi...@clientele.co.za
>>
>> It seems that some subscribers' software uses "From" instead of
>> "Return-Path" (see
>> https://en.wikipedia.org/wiki/Bounce_message#Terminology) or gets
>> confused by the mailing list.
>>
>> Regards,
>> Opty
>> ___
>> questions mailing list
>> questions@lists.ntp.org
>> http://lists.ntp.org/listinfo/questions
>>
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Automatic replies

[Marco Marongiu]

Hi

We have recently set most of those addresses as "nomail" in mailman: they
are technically subscribed to the mailing list, but they don't get any mail
-- or are not supposed to. Has that happened recently that you got an
automatic reply from those?

The only one that I don't remember to have "banned" is the axofinans one,
will check and fix in case.

Ciao
-- bronto


Il giorno mar 25 mag 2021 alle ore 22:10 Opty  ha scritto:

> Hello,
>
> when you send a message to the mailing list, do you get an automatic
> reply from at least following addresses?
>
> messagebou...@indeed.com
> kundserv...@axofinans.se
> db.nore...@db.com
> servi...@clientele.co.za
>
> It seems that some subscribers' software uses "From" instead of
> "Return-Path" (see
> https://en.wikipedia.org/wiki/Bounce_message#Terminology) or gets
> confused by the mailing list.
>
> Regards,
> Opty
> ___
> questions mailing list
> questions@lists.ntp.org
> http://lists.ntp.org/listinfo/questions
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] create charts

[Marco Marongiu]

I think the culprit was 4359947...@email.uscc.net. I have suspended the
delivery to that address. We'll see how it goes.

Ciao
-- bronto


Il giorno lun 24 ago 2020 alle ore 09:22 Martin Burnicki <
martin.burni...@burnicki.net> ha scritto:

> Marco Marongiu wrote:
> > Me, after I replied to that email. Not sure what that means, but I wasn't
> > amused.
>
> I've observed that, too, some time ago.
>
> Looks like a few of the email addresses subscribed to the list refer to
> automatic systems, like ticket systems, and an automatic reply is sent
> when you post to the list
>
> Martin
>
>
> > Il Dom 23 Ago 2020, 17:24 William Unruh  ha scritto:
> >
> >> On 2020-08-23, Uwe Klein  wrote:
> >>>
> >>> Anybody else getting "request received" from TheFork
> >>> and a bunch of "undeliverable" from uscc.net
> >>>
> >>> for each posting to comp.protocols.time.ntp ?
> >>
> >> Nope, not here.
> >>
> >> Not sure what you mean by "getting". emails? error messages? Popups?
> >> I use slrn, and am seeing none of those messages.
> >>
> >>
> >> ___
> >> questions mailing list
> >> questions@lists.ntp.org
> >> http://lists.ntp.org/listinfo/questions
> >>
> > ___
> > questions mailing list
> > questions@lists.ntp.org
> > http://lists.ntp.org/listinfo/questions
> >
>
> ___
> questions mailing list
> questions@lists.ntp.org
> http://lists.ntp.org/listinfo/questions
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] create charts

[Marco Marongiu]

Me, after I replied to that email. Not sure what that means, but I wasn't
amused.

-- bronto


Il Dom 23 Ago 2020, 17:24 William Unruh  ha scritto:

> On 2020-08-23, Uwe Klein  wrote:
> >
> > Anybody else getting "request received" from TheFork
> > and a bunch of "undeliverable" from uscc.net
> >
> > for each posting to comp.protocols.time.ntp ?
>
> Nope, not here.
>
> Not sure what you mean by "getting". emails? error messages? Popups?
> I use slrn, and am seeing none of those messages.
>
>
> ___
> questions mailing list
> questions@lists.ntp.org
> http://lists.ntp.org/listinfo/questions
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] create charts

[Marco Marongiu]

Many years ago I used rrdtool to plot graphs from munin. Pretty sure there
is more modern stuff that is way better. Anyway, for what is worth:
https://syslog.me/2011/06/10/using-rrdgraph-for-better-ntp-monitoring/

I agree with David though: without knowing what information you get from
the servers, how you get it, and what you want to represent, it's really
difficult to help.

Ciao
-- bronto


Il giorno ven 21 ago 2020 alle ore 18:50 William Unruh 
ha scritto:

> On 2020-08-21, David Woolley  wrote:
> > On 21/08/2020 11:39, thimoo...@gmail.com wrote:
> >> I have a question. how do you make a graph of your ntp server and is
> that possible
> >
> > What parameter do you want to represent?  Remember that the actual error
> > from true time is never known, because, if it could be known, it could
> > be made to be zero.
>
> He of course has not told us what he wants to graph, or what his problem
> is in trying to do so. He cannot "make a graph of your server", since
> about the only thing accessible to him is time reported by the server
> Without some other time standard (gpstime, his own computer, some other
> server,etc) there is
> nothing to plot.
>
> ___
> questions mailing list
> questions@lists.ntp.org
> http://lists.ntp.org/listinfo/questions
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Trying to reply to an NTP Questions request I get this

[Marco Marongiu]

On 22/08/19 13:38, Charles Elliott wrote:
> FWIIW, ever since NTP.org transferred its email lists from ISC I have
> received a tiny fraction of the NTP-related email that I had in the
> past.  For example, now I see two or three requests for assistance a
> month, whereas in the past there were 2-3 a day.  Also, I only see
> bug reports when Perlinger or Stenn announce the bugs are fixed, and
> never the original requests.  Although for me this is a huge
> timesaver, I am assuming that there may be something broken with the
> way NTP email is being handled now.

Could this be the problem (and the solution an upgrade of mailman)?

https://wiki.list.org/DEV/DMARC

-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Reference 'sntp' utility: how do you set the destination port number

[Marco Marongiu]

On 22/07/2019 11:41, Miroslav Lichvar wrote:
> Those (and yours) didn't make it back to the newsgroup where the
> question was posted. The gateway seems to work only in the direction
> to the mailing list.

Man, that newsgroup is more harmful than hail! :-D

Thanks Miroslav. That also could explain why some people get their
messages moderated by mailman a gazillion times, and don't care
subscribing: they see their messages go through anyway and don't know it
may be a problem.

Ciao!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Reference 'sntp' utility: how do you set the destination port number

[Marco Marongiu]

On 21/07/2019 01:26, stua...@longlandclan.id.au wrote:
> after no on-list replies

Just to say that I *do* see on-list replies from "A C" and Harlan Stenn
himself, so not sure what you mean here...

-- M


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Fwd: [ntp:hackers] 4.4 development

[Marco Marongiu]

On 26/08/2018 02:51, Philip Prindeville wrote:
> Casting a wider net…

I cannot contribute with code, but it's nice to see that things are
moving. Thanks for posting it here :)

-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Abusive client, what to do?

[Marco Marongiu]

On 17/01/18 00:13, Mike S wrote:
> at this point I don't see any way to get them to react other than a
> good old public shaming.

https://twitter.com/brontolinux/status/953552152626106368

Ciao!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Case Solution: Strategy Execution Module 15 Using the Levers of Control to Implement Strategy by Robert L. Simons

[Marco Marongiu]

I don't know how these emails have made it through the list. Anyway, I
think I have now filtered them.

-- M


On 01/06/17 15:46, Case Solutions & Analysis wrote:
> Case Solution and Analysis of Strategy Execution Module 15: Using the Levers 
> of Control to Implement Strategy by Robert L. Simons, send email to 
> allcasesolutions(at)gmail(dot)com 
> 
> Case Study ID: 9-117-115
> 
> Get Case Study Solution and Analysis of Strategy Execution Module 15: Using 
> the Levers of Control to Implement Strategy in a FAIR PRICE!! 
> 
> Our e-mail address is allcasesolutions(at)gmail(dot)com. Please replace (at) 
> by @ and (dot) by . 
> 
> YOU MUST WRITE FOLLOWING WHILE PLACING YOUR ORDER: 
> Complete Case Study Name 
> Authors 
> Case Study ID 
> Publisher of Case Study 
> Your Requirements / Case Questions 
> 
> Note: Do not reply to this post because we do not monitor posts. If you need 
> any other Case Solutions please send me an email. We can help you to get it. 
> 
> ___
> questions mailing list
> questions@lists.ntp.org
> http://lists.ntp.org/listinfo/questions
> 
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTP 4.2.8p10 released

[Marco Marongiu]

On 09/05/17 09:45, ashu6...@gmail.com wrote:
> How can we add redundant server into  NTP 4.2.8p10 ? If we try to
> edit the configuration file it's not switching to the redundant
> server?
Maybe it's just me or I am dumb, but I am not sure I understand what you
are talking about. Could you please elaborate on what your problem is,
how you tried to solve it, and what the relation is with the release of
4.2.8p10?

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ✘interface/nic

[Marco Marongiu]

On 03/04/17 23:54, Gary E. Miller wrote:
>> I used interface ignore and then bound ntpd to specific interfaces on
>> LVS servers. This was because virtual interfaces were continuously
>> created and destroyed on those servers, ntpd had to continuosly run
>> after the change and sometimes it got... "confused" and eventually
>> stopped serving time.
> Interesting.  That is new data.  Maybe file a bug?

I can't, as I am not working in the same environment now.


>> Since I wanted the service to be provided only on specific addresses,
>> I forced ntpd to ignore all interfaces but the loopback and the ones
>> where those addresses were bound to.
> Yeah, I get the address thing, but using nic/interface as a workaround
> to a bug in enlightening.

Hmmm... I'll take it as a compliment :-D


>> Hope this helps. Why do you want to know exactly?
> A friend of mine has been looking at the code and scratching his head
> about it.

Got it. Thanks

Ciao
-- M
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ✘interface/nic

[Marco Marongiu]

On 31/03/17 22:39, Gary E. Miller wrote:
> Quick question, does anyone use either of these in ntp.conf?
> 
> interface[listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name | 
> address[/prefixlen]]
> nic[listen | ignore | drop] [all | ipv4 | ipv6 | wildcard | name | 
> address[/prefixlen]]
> 
> If so, how and why?  Is 'name' the name of the interface?

I used interface ignore and then bound ntpd to specific interfaces on
LVS servers. This was because virtual interfaces were continuously
created and destroyed on those servers, ntpd had to continuosly run
after the change and sometimes it got... "confused" and eventually
stopped serving time.

Since I wanted the service to be provided only on specific addresses, I
forced ntpd to ignore all interfaces but the loopback and the ones where
those addresses were bound to.

Hope this helps. Why do you want to know exactly?

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] clock.isc.org NTP sincronization problem

[Marco Marongiu]

Leap-second-related bug?

Il 02 Gen 2017 10:03, "Roby"  ha scritto:

> Il 02/01/2017 09:43, Roby ha scritto:
>
>> Using a Risco camera that synchronizes date and time using clock.isc.org
>> NTP server via port 119
>> It works correctly for 2 years, but at the end of 2016 has started to
>> have problems
>> From the day December 31, 2016 (24:00) I have problems and does not
>> synchronize properly. January 1, 2017 marked the day January 2, 2017 and
>> now does not synchronize the time.
>> Anyone has information about
>> Thanks for any help
>> Bob
>>
>
> Object: clock.isc.org NTP synchronization sorry
>
> I probably found the problem
> Inexplicably the camera at the end of the year has changed the "Time zone"
> setup !!!
> I will verify in the coming hours / days if the camera will retain the
> configuration stable 
> Thank you
> Happy New Year to all
>
> ___
> questions mailing list
> questions@lists.ntp.org
> http://lists.ntp.org/listinfo/questions
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Using Splunk for NTP Logs

[Marco Marongiu]

On 02/09/16 16:58, Frank Wayne wrote:
> Is there anyone that collects NTP logs with Splunk or, if not, wants
> to? (Splunk is a popular machine data indexing and analysis tool.
> They offer a free license tier.)
> 
> I wrote technology add-ons (for *nix and Windows) for Splunk that do
> field extractions and interpretations for the various statistics
> files, including GPS/NMEA events. If anyone is interested, here are
> the links to the add-ons:
> 
> https://splunkbase.splunk.com/app/3155/ (Windows)
> https://splunkbase.splunk.com/app/3154/ (*nix)

I don't use Splunk but I am grateful you shared your work with us. I
have shared it further:

https://twitter.com/brontolinux/status/771775127050711040

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ntp orphan sync time after boot

[Marco Marongiu]

On 15/01/16 12:05, Rini van Zetten wrote:
> It seems that i have to speed up the server. It takes 5 minutes before
> its state(refid) changes from .INIT. to 127.0.0.1 (with ntpq -p on the
> client).
> 
> But on the server i have no server defined, only "tos orphan 8" , so i
> cannot pass iburst.

Ah, sorry for the misunderstanding.

Unfortunately, I have no clue for your case :-(

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ntp orphan sync time after boot

[Marco Marongiu]

On 15/01/16 14:20, Rini van Zetten wrote:
> I overlooked the orphanwait option. Settings this to 0 makes it work like i 
> want.

Thanks for sharing your findings, may be useful to other people in the
future

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Poll interval stuck

[Marco Marongiu]

On 15/01/16 13:54, Geoff Down wrote:
> Offset has been as low as .1s, currently is 1.5

0.1s is not good at all, with ntpd you should be as close as a few
milliseconds to UTC. It doesn't surprise me that ntpd doesn't enlarge
the poll interval.

Can you post the output of ntpq -p please?

What hardware is that? Or it is a VM maybe?

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ntp orphan sync time after boot

[Marco Marongiu]

On 14/01/16 15:26, Rini van Zetten wrote:
> The problem we have is that it takes about 5 minutes after boot
> before the devices are synchronised. Is there anything possible to
> speed up this process ?

See the burst/iburst options, that should help

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Horrible performance with 4.2.8p3?

[Marco Marongiu]

I've been doing a little research here.

On one server I have the munin plugins version 2.0.6 from Debian
packages in backports.

The munin plugin ntp_kernel_pll_off uses the output of ntpq -c kerninfo
or ntpdc -c kerninfo, whatever is available, then matches /^pll offset:/
and prints the value:

~# ntpdc -c kerninfo
pll offset:   -0.00024676 s
pll frequency:-81.448 ppm
maximum error:0.797547 s
estimated error:  0.000573 s
status:   2001  pll nano
pll time constant:10
precision:1e-09 s
frequency tolerance:  500 ppm
~# ntpdc -c kerninfo | awk '/^pll offset:/ { print $3 }'
-0.00024652

Now, what happens with 4.2.8? I tried to do the same on my workstation
running Debian Jessie and ntpd 4.2.8p3. ntpdc -c kerninfo fails:

bronto@brabham:~$ sudo ntpdc -c kerninfo
localhost: timed out, nothing received
***Request timed out
bronto@brabham:~$

ntpdc -c kerninfo works, but...

bronto@brabham:~$ sudo ntpq -c kerninfo
associd=0 status=0618 leap_none, sync_ntp, 1 event, no_sys_peer,
pll offset:-0.075818
pll frequency: 7.23193
maximum error: 0.2435
estimated error:   0
kernel status: pll nano
pll time constant: 7
precision: 1e-06
frequency tolerance:   500
pps frequency: 0
pps stability: 0
pps jitter:0
calibration interval   0
calibration cycles:0
jitter exceeded:   0
stability exceeded:0
calibration errors:0
bronto@brabham:~$

No unit, but I'd speculate that pll offset is milliseconds instead of
seconds... That's what confuses munin, I believe: where the two commands
provide the same information, ntpq prints it without specifying the unit
AND uses a different unit for pll offset.

I'm not sure if that should be considered a bug in ntpq. In case, let me
know and I'll submit a bug report.

Ciao
-- bronto


PS: For your reference, here's the code of the munin plugin.

> ~# cat /etc/munin/plugins/ntp_kernel_pll_off 
> #!/bin/sh
> # -*- sh -*-
> 
> : < 
> =head1 NAME
> 
> ntp_kernel_pll_off - Plugin to monitor the kernel's PLL offset for the
> NTP status
> 
> =head1 CONFIGURATION
> 
> No configuration
> 
> =head1 AUTHORS
> 
> Unknown author
> 
> =head1 LICENSE
> 
> GPLv2
> 
> =head1 MAGIC MARKERS
> 
>  #%# family=auto
>  #%# capabilities=autoconf
> 
> =cut
> 
> EOF
> 
> export PATH=/usr/local/sbin:$PATH
> 
> if [ "$1" = "autoconf" ]; then
> { ntpq -c kerninfo; ntpdc -c kerninfo; } 2>/dev/null |
> awk 'BEGIN { ev=1; }
>  /^pll offset:/ { ev=0; }
>  END { if (ev == 0) { print "yes";} else { print "no"; } exit ev; }'
> exit 0
> fi
> 
> if [ "$1" = "config" ]; then
> echo 'graph_title NTP kernel PLL offset (secs)'
> echo 'graph_vlabel PLL offset (secs)'
> echo 'graph_category time'
> echo 'graph_info The kernel offset for the phase-locked loop used by NTP'
> echo 'ntp_pll_off.label pll-offset'
> echo 'ntp_pll_off.info Phase-locked loop offset in seconds'
> exit 0
> fi
> 
> printf 'ntp_pll_off.value '
> 
> if [ $(ntpq -c version | grep --extended-regexp --only-matching 
> '[[:digit:]]\.[[:digit:]]\.[[:digit:]]' | tr -d '.') -ge 427 ]
> then
> cmd=ntpq
> else
> cmd=ntpdc
> fi
> 
> $cmd -c kerninfo | awk '/^pll offset:/ { print $3 }'

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Horrible performance with 4.2.8p3?

[Marco Marongiu]

On 04/12/15 09:47, Marco Marongiu wrote:
> From the data we have in munin it appears that ntpd 4.2.8p3 has been
> working terribly bad during these months, to the point that when I saw
> the graphs this morning I thought that all of our servers were broken.

...unless 4.2.8p3 has changed how the PLL information is reported and
munin (e.g.: the measurement unit has changed from, say, seconds in
4.2.8 and is milliseconds in 4.2.6?)

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Horrible performance with 4.2.8p3?

[Marco Marongiu]

On 04/12/15 09:54, Marco Marongiu wrote:
> On 04/12/15 09:47, Marco Marongiu wrote:
>> From the data we have in munin it appears that ntpd 4.2.8p3 has been
>> working terribly bad during these months, to the point that when I saw
>> the graphs this morning I thought that all of our servers were broken.
> 
> ...unless 4.2.8p3 has changed how the PLL information is reported and
> munin (e.g.: the measurement unit has changed from, say, seconds in
> 4.2.8 and is milliseconds in 4.2.6?)

Actually, after reading the git logs of my scripts that seems to be the
case. Sorry for the alarm! :-(

Ciao
-- bronto


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] Horrible performance with 4.2.8p3?

[Marco Marongiu]

Hi there

Due to challenges to produce our own Debian packages for 4.2.8p4 to fix
DSA-3388[1], we decided to downgrade to the 4.2.6 packages in bundle
with Debian 6, 7 and 8. We had been running 4.2.8p3 since late June to
implement our own countermeasures for the leap second[2].

>From the data we have in munin it appears that ntpd 4.2.8p3 has been
working terribly bad during these months, to the point that when I saw
the graphs this morning I thought that all of our servers were broken.

You'll find a few graphs from munin (if mailman doesn't strip them).
Notice how things changed at the end of June (4.2.8 installed) and
yesterday (downgrade to 4.2.6). Also consider that the yearly graphs are
much "smoother" than reality because of RRD.




[1] https://www.debian.org/security/2015/dsa-3388
[2]
http://syslog.me/2015/06/04/a-humble-attempt-to-work-around-the-leap-second-2015-edition/
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] kod and limited

[Marco Marongiu]

On 24/11/15 10:44, Miroslav Lichvar wrote:
>> > What option would you recommend?
> I think the recommendation is to not use the limited option at all.
> Some people reported that it may actually increase the amount of
> traffic, apparently there are broken clients that send a new request
> soon after missing a reply.
> 
> Also, there is a security issue that an attacker can prevent a client
> from getting replies by sending spoofed packets to the server. See the
> archive of the ntp-hackers list for more information.

Thanks Miroslav, very informative as always! I'll kill "kod" altogether.

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] kod and limited

[Marco Marongiu]

Hi all

In the document "ntpd access restrictions" it is recommended to use the
restriction "kod"[1]. However, when used as it is there it makes ntpd
complain:

> Nov 20 11:54:00 testnode ntpd[40098]: restrict ::: KOD does nothing without 
> LIMITED.

The documentation agrees[2].

Now I have two options:
1. remove "kod" altogether
2. add "limited"

The defaults for discard seem sensible[3] and adding "limited" shouldn't
result in problems. On the other hand, I am worried that (for example)
local clients using burst/iburst or running ntpdate -q repeatedly for
debugging purposes may be denied the service. Am I just worrying too much?

What option would you recommend?

Thanks in advance

Ciao
-- bronto


[1]
http://support.ntp.org/bin/view/Support/AccessRestrictions#Section_6.5.1.1.3.

[2] http://doc.ntp.org/4.2.6p5/accopt.html#restrict

[3] http://doc.ntp.org/4.2.6p5/accopt.html#discard
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ntp.conf true and prefer option for server command

[Marco Marongiu]

On 12/11/15 06:49, Tiwari, Dilip (Nokia - IN/Bangalore) wrote:
> As per my understanding if true option is used with it, it'll escape/survive 
> select and cluster algorithm, and will always be selected as preferred server.
> I used server command this way: server -4   true iburst minpoll 4 
> maxpoll 6

I never used "true" but I would guess that with it you are just ensuring
that it always makes it through the selection algorithm, that it is
never discarded. That doesn't guarantee that it will be selected though:
if it's not good enough, another one will still be selected.

That said, please ensure you have my words confirmed by someone more
knowledgeable.

Ciao!
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] ntpd vulnerabilities

[Marco Marongiu]

Hi there

Following this: https://www.debian.org/security/2015/dsa-3388
I would kindly ask if the fixes for 4.2.8p4 have already landed the
official source code and, if not, when will they?

Thanks, ciao!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTP not syncing immediately

[Marco Marongiu]

I can't really say, posting your full ntp.conf could help better.

Are you syncing against public or internal ntp servers?

Regards
-- M
On 18 Sep 2015 17:14, "sneha b"  wrote:

> Hi,
>
> NTP is not syncing immediately, its taking some 3 minutes time.
> I want to sync immediately, my project requires to sync immediately as the
> client is real time systems.
>
>
>
> NTP server is responding with below messages. Below are the wireshark
> captures.
>
> Flags: 0x0c
> 11..  = Leap Indicator: unknown (clock unsynchronized) (3)
> ..00 1... = Version number: NTP Version 1 (1)
>  .100 = Mode: server (4)
> Peer Clock Stratum: unspecified or invalid (0)
> Peer Polling Interval: invalid (0)
> Peer Clock Precision: 0.08 sec
> Root Delay:0. sec
> Reference Timestamp: Jan  1, 1970 00:00:00.0 UTC
> My ntp.conf file has below enteries:
>
> server 127.127.1.0
> fudge 127.127.1.0 stratum 0
> restrict 127.127.1.0
>
> If any insights will be of a very great help.
>
>
> I am stopping the service windows time.
>
> After some 3 minutes the sync is happening properly.But its not happening
> immediately. Can anybody help me in resolving.
>
> Thanks,
> Sneha
> ___
> questions mailing list
> questions@lists.ntp.org
> http://lists.ntp.org/listinfo/questions
>
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] ntpd 4.2.8p3-RC1 and munin

[Marco Marongiu]

Hi there

Did the output of any command change between a.2.6 and 4.2.8? The moment
we have upgraded ntpd to 4.2.8p3-RC1 our munin graphs for time offset
went crazy but the servers are behaving. The only thing I can think of
is that some command changed output and the plugins are unable to decode
it properly.

Thanks in advance, ciao!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] ntpd 4.2.8p3 final?

[Marco Marongiu]

Hi there!

Will it be out soon enough before June 30th?

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ntpd 4.2.8p3 final?

[Marco Marongiu]

On 23/06/15 10:03, Harlan Stenn wrote:
 Will it be out soon enough before June 30th?
 I'm hoping for the 25th.

Understood


 We're going thru some last-minute discussions and implementation/testing
 of some leap-smear ideas.  I would not be surprised to discover that we
 will need a p4 to handle some as-yet-unknown problem that we discover
 with the leap-smear behavior between p3 and the 30th.

As for me, the time for testing is over. Whatever you put for the leap
smear in the final p3 or p4 I'm likely not going to use it. But happy to
see a properly done smear feature in ntpd!

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTP-PPS standalone operation: How to ignore network interface changes?

[Marco Marongiu]

On 12/06/15 10:07, Joachim Fabini wrote:
 I want ntp to listen exclusively to the local GPS/PPS
 signal (server 127.127.20.0) and ignore all other network interfaces,
 messages, events

Use the interface directive, e.g.:

interface ignore all
interface listen 127.127.20.0

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTP-PPS standalone operation: How to ignore network interface changes?

[Marco Marongiu]

On 12/06/15 11:54, Joachim Fabini wrote:
 The straight-forward solution that you propose was the one that I tried
 first. Unfortunately it does not work.

Then I guess I don't understand what you're after exactly. I'll re-read
your message entirely and check what I misunderstood. Sorry for the noise.

-- M
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Leap Second on NTP server at stratum 2

[Marco Marongiu]

On 10/06/15 13:02, Kashif Mumtaz Tahir wrote:
 is there anything we need to change /modify

It depends on what you want to achieve. I am upgrading to 4.2.8p3 and
setting tinker step 0 and disable kernel in the configuration
because I am trying to avoid clock stepping at all cost. What about you?

-- M
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] Leap second resources

[Marco Marongiu]

Hi there

Miroslav Lichvar, whom you have read several times in this list, has put
together a very nice set of five possible ways to handle the leap second
with both ntpd and chrony.

http://developerblog.redhat.com/2015/06/01/five-different-ways-handle-leap-seconds-ntp/


As you may have noticed from my messages in this list, I've also been
running leap second simulations with ntpd on Debian during the past few
weeks. If you're using Debian Linux systems you may find the post I've
just published useful:

http://syslog.me/2015/06/04/a-humble-attempt-to-work-around-the-leap-second-2015-edition/


In case you want to run simulations yourselves, you may also find my
leap lab toolbox useful. It's now on github:

https://github.com/brontolinux/leaplab-tools


Enjoy!

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] failed to compile ntpd 4.2.8p3-RC1

[Marco Marongiu]

On 26/05/15 20:29, Harlan Stenn wrote:
 I'm expecting to release p3 this week, leaving room for a p4 if needed
 before June 30th.
 
 If folks would rather see only a p3, I can hold off on that release
 until the 15th of June or so.

I think you know better than anyone else what's the best thing to do. I
don't. I'll blindly trust you, whatever you choose is fine for me.

Thanks!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] failed to compile ntpd 4.2.8p3-RC1

[Marco Marongiu]

Hi Harlan

On 23/05/15 21:11, Harlan Stenn wrote:
 Please see if putting:
 
  rlimit memlock 0
 
 into your ntp.conf file will fix this.

Yes, that fixed it and now ntpd is behaving exactly as I expected.
Thanks for the support.

Besides, I found that jessie was also acting up so I defaulted to have
rlimit memlock 0 set on all debian nodes.

Do you think you'll be able to release 4.2.8.p3 final before June 30th?

Thanks in any case, ciao!
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] failed to compile ntpd 4.2.8p3-RC1

[Marco Marongiu]

Hi Harlan, all

On 21/05/15 20:48, Harlan Stenn wrote:
 The way to fix that is for you to specify --enable-local-libopts on your
 'configure' line.

I managed to compile them on all the three versions. The configure
command lines are below.

Anyway, I am getting some weird problems in squeeze. When started, ntpd
triggers these messages on the console:

Message from syslogd@leap-squeeze at Jul  1 01:30:50 ...
 t of memory [5668]

But if I look at who's hogging the memory most (and hogging is really
overstated here):

 root@leap-squeeze:~/leap# ps -e -o pid,user,rss,vsz,args --sort -vsz | head 
 -n 11
   PID USER   RSSVSZ COMMAND
  5598 root  9328 109808 /var/cfengine/bin/cf-serverd
  2164 root  3380  70500 sshd: root@pts/0 
   959 root  1972  52704 /usr/sbin/rsyslogd -c5
  2163 root  1164  49212 /usr/sbin/sshd
  1436 root  8324  41524 /usr/sbin/munin-node
  5668 ntp   7828  40532 /usr/sbin/ntpd -p /var/run/ntpd.pid -g -u 106:107
  5591 root  4200  39552 /var/cfengine/bin/cf-execd
  4182 postfix   2380  39432 qmgr -l -t fifo -u
  6634 postfix   2332  39272 pickup -l -t fifo -u -c
  4180 root  2436  37208 /usr/lib/postfix/master
 root@leap-squeeze:~/leap# 

And besides, there is plenty of free memory:

 root@leap-squeeze:~/leap# free
  total   used   free sharedbuffers cached
 Mem:   2025588 2635961761992  0  21420 174152
 -/+ buffers/cache:  680241957564
 Swap:  3954680  03954680

However, restarting the process may finally make it behave. Which is odd.

The configuration on the problematic node is:

 
 # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
 #
 # This file is centrally managed by cfengine
 # MANUAL CHANGES TO THIS FILE WILL BE OVERWRITTEN!!!
 # If you need to make changes, please change the policy or the template
 # used to generate this file
 #
 
 
 driftfile /var/lib/ntp/ntp.drift
 
 # Enable statistics (watch out for disk space!!!)
 statsdir /var/log/ntpstats/
 
 statistics loopstats peerstats clockstats
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
 
 # Upstream servers
 server 10.10.10.10 burst iburst
 
 # Disable NTP features
 disable kernel
 
 # Don't allow clock stepping
 tinker step 0
 
 # Restrictions and ACLs
 restrict -4 default kod notrap nomodify nopeer noquery
 restrict -6 default kod notrap nomodify nopeer noquery
 
 # Local users may interrogate the ntp server more closely.
 restrict 127.0.0.1
 restrict ::1

The configure command lines on the nodes:

Squeeze:
 ./configure CFLAGS=-g -fno-strict-aliasing -O2 CPPFLAGS=-D_GNU_SOURCE 
 ac_cv_var_tick=no ac_cv_var_tickadj=no --prefix=/usr --enable-all-clocks 
 --enable-parse-clocks --enable-SHM --disable-debugging 
 --sysconfdir=/var/lib/ntp --with-sntp=no --with-lineeditlibs=edit 
 --enable-local-libopts --enable-ntp-signd --disable-dependency-tracking

Wheezy:
 ./configure CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 
 -Wformat -Werror=format-security -fno-strict-aliasing 
 CPPFLAGS=-D_FORTIFY_SOURCE=2 -D_GNU_SOURCE LDFLAGS=-Wl,-z,relro 
 -Wl,--as-needed --prefix=/usr --enable-all-clocks --enable-parse-clocks 
 --enable-SHM --disable-debugging --sysconfdir=/var/lib/ntp --with-sntp=no 
 --with-lineeditlibs=edit --without-ntpsnmpd --enable-local-libopts 
 --enable-ntp-signd --disable-dependency-tracking 
 --with-openssl-libdir=/usr/lib/

Jessie:
 ./configure CFLAGS=-g -O2 -fstack-protector-strong -Wformat 
 -Werror=format-security -fno-strict-aliasing CPPFLAGS=-D_FORTIFY_SOURCE=2 
 -D_GNU_SOURCE LDFLAGS=-Wl,-z,relro -Wl,--as-needed --prefix=/usr 
 --enable-all-clocks --enable-parse-clocks --enable-SHM --disable-debugging 
 --sysconfdir=/var/lib/ntp --with-sntp=no --with-lineeditlibs=edit 
 --without-ntpsnmpd --disable-local-libopts --enable-ntp-signd 
 --disable-dependency-tracking --with-openssl-libdir=/usr/lib/

It's the same configure lines used in debian sources, with the exception
of the libopts part that I patched according to your instructions.

Ciao
-- bronto


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] failed to compile ntpd 4.2.8p3-RC1

[Marco Marongiu]

On 21/05/15 20:48, Harlan Stenn wrote:
 Hi Marco,
 
 Glad to see questions@ is working!

:-D


 The problem you are seeing is that you seem to have libopts installed on
 your system, and the version installed there is an older version than
 the one we need.
 
 The way to fix that is for you to specify --enable-local-libopts on your
 'configure' line.

Thanks for the hint. The workday is finished today but I'll try this
tomorrow. Thanks a lot!

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] failed to compile ntpd 4.2.8p3-RC1

[Marco Marongiu]

Hi there

Is it a known problem that ntpd 4.2.8p3-RC1 doesn't compile on Debian
Linux 6 (squeeze) and 7 (wheezy)? If it's supposed to work, what am I
doing wrong? (See errors below)

In scope of my leap second experiments it's quite interesting that this
bug was fixed:

* [Bug 2745] ntpd -x steps clock on leap second
   Do leap second stepping only of the step adjustment is beyond the
   proper jump distance limit and step correction is allowed at all.

Unfortunately, while it compiles OK on jessie it breaks badly on squeeze:

 gcc -DHAVE_CONFIG_H -I. -I..  -I../include -I../lib/isc/include 
 -I../lib/isc/pthreads/include -I../lib/isc/unix/include   -D_GNU_SOURCE 
 -ffunction-sections -fdata-sections -Wall -Wcast-align -Wcast-qual 
 -Wmissing-prototypes -Wpointer-arith -Wshadow -Winit-self -Wstrict-overflow   
 -Wno-strict-prototypes -g -fno-strict-aliasing -O2 -c cmd_args.c
 In file included from cmd_args.c:13:
 ntpd-opts.h:59:3: error: #error option template version mismatches 
 autoopts/options.h header
 In file included from cmd_args.c:13:
 ntpd-opts.h:60: error: expected '=', ',', ';', 'asm' or '__attribute__' 
 before 'Me'
 ntpd-opts.h:105: warning: data definition has no type or storage class
 ntpd-opts.h:105: warning: type defaults to 'int' in declaration of 
 'teOptIndex'
 cmd_args.c: In function 'getCmdOpts':
 cmd_args.c:46: error: 'INDEX_OPT_IPV4' undeclared (first use in this function)
 cmd_args.c:46: error: (Each undeclared identifier is reported only once
 cmd_args.c:46: error: for each function it appears in.)
 cmd_args.c:48: error: 'INDEX_OPT_IPV6' undeclared (first use in this function)
 cmd_args.c:58: error: 'INDEX_OPT_AUTHREQ' undeclared (first use in this 
 function)
 cmd_args.c:60: error: 'INDEX_OPT_AUTHNOREQ' undeclared (first use in this 
 function)
 cmd_args.c:63: error: 'INDEX_OPT_BCASTSYNC' undeclared (first use in this 
 function)
 cmd_args.c:66: error: 'INDEX_OPT_CONFIGFILE' undeclared (first use in this 
 function)
 cmd_args.c:73: error: 'INDEX_OPT_DRIFTFILE' undeclared (first use in this 
 function)
 cmd_args.c:76: error: 'INDEX_OPT_PANICGATE' undeclared (first use in this 
 function)
 cmd_args.c:79: error: 'INDEX_OPT_FORCE_STEP_ONCE' undeclared (first use in 
 this function)
 cmd_args.c:83: error: 'INDEX_OPT_JAILDIR' undeclared (first use in this 
 function)
 cmd_args.c:89: error: 'INDEX_OPT_KEYFILE' undeclared (first use in this 
 function)
 cmd_args.c:92: error: 'INDEX_OPT_PIDFILE' undeclared (first use in this 
 function)
 cmd_args.c:95: error: 'INDEX_OPT_QUIT' undeclared (first use in this function)
 cmd_args.c:98: error: 'INDEX_OPT_PROPAGATIONDELAY' undeclared (first use in 
 this function)
 cmd_args.c:112: error: 'INDEX_OPT_STATSDIR' undeclared (first use in this 
 function)
 cmd_args.c:115: error: 'INDEX_OPT_TRUSTEDKEY' undeclared (first use in this 
 function)
 cmd_args.c:135: error: 'INDEX_OPT_USER' undeclared (first use in this 
 function)
 cmd_args.c:150: error: 'INDEX_OPT_VAR' undeclared (first use in this function)
 cmd_args.c:164: error: 'INDEX_OPT_DVAR' undeclared (first use in this 
 function)
 cmd_args.c:176: error: 'INDEX_OPT_SLEW' undeclared (first use in this 
 function)
 cmd_args.c:179: error: 'INDEX_OPT_UPDATEINTERVAL' undeclared (first use in 
 this function)
 make[3]: *** [cmd_args.o] Error 1
 make[3]: Leaving directory `/usr/local/src/ntp-4.2.8p3-RC1/ntpd'
 make[2]: *** [all] Error 2
 make[2]: Leaving directory `/usr/local/src/ntp-4.2.8p3-RC1/ntpd'
 make[1]: *** [all-recursive] Error 1
 make[1]: Leaving directory `/usr/local/src/ntp-4.2.8p3-RC1'
 make: *** [all] Error 2

and wheezy:

 gcc -DHAVE_CONFIG_H -I. -I..  -I../include -I../lib/isc/include 
 -I../lib/isc/pthreads/include -I../lib/isc/unix/include   -D_FORTIFY_SOURCE=2 
 -D_GNU_SOURCE -ffunction-sections -fdata-sections -Wall -Wcast-align 
 -Wcast-qual -Wmissing-prototypes -Wpointer-arith -Wshadow -Winit-self 
 -Wstrict-overflow   -Wstrict-prototypes -g -O2 -fstack-protector 
 --param=ssp-buffer-size=4 -Wformat -Werror=format-security 
 -fno-strict-aliasing -c cmd_args.c
 In file included from cmd_args.c:13:0:
 ntpd-opts.h:59:3: error: #error option template version mismatches 
 autoopts/options.h header
 ntpd-opts.h:60:3: error: unknown type name 'Choke'
 ntpd-opts.h:60:11: error: expected '=', ',', ';', 'asm' or '__attribute__' 
 before '.' token
 ntpd-opts.h:105:3: warning: data definition has no type or storage class 
 [enabled by default]
 ntpd-opts.h:105:3: warning: type defaults to 'int' in declaration of 
 'teOptIndex' [-Wimplicit-int]
 cmd_args.c: In function 'getCmdOpts':
 cmd_args.c:46:7: error: 'INDEX_OPT_IPV4' undeclared (first use in this 
 function)
 cmd_args.c:46:7: note: each undeclared identifier is reported only once for 
 each function it appears in
 cmd_args.c:48:12: error: 'INDEX_OPT_IPV6' undeclared (first use in this 
 function)
 cmd_args.c:58:6: error: 'INDEX_OPT_AUTHREQ' undeclared (first use in this 
 function)
 cmd_args.c:60:11: error: 'INDEX_OPT_AUTHNOREQ' 

[ntp:questions] Potential bug in leap second handling (guess it's Linux and not ntpd?)

[Marco Marongiu]

Hi all

Last Friday I found something, potentially a very bad bug, in Linux when
a leap second is handled.

http://syslog.me/2015/05/16/scary-times-at-the-leap-second-lab/

I am not sure where the problem stems from and as of now I'm leaning on
something in the system rather than in ntpd. However, if any of you who
knows the code innards could take a look and confirm that there is
nothing in ntpd that could be at the root of the problem, it would be
great. As for Linux, a kernel developer has already contacted me. I will
share more information with him and everyone in the next few hours, as
soon as I finish putting things together.

The ntpd version is:
4.2.6.p2 on Debian squeeze
4.2.6.p5 on Debian wheezy and jessie

(all with Debian patches, of course)


Thanks in advance, ciao!
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] leap second warning bits in practice

[Marco Marongiu]

On 13/05/15 13:23, Miroslav Lichvar wrote:
 I'm not sure what exactly are you asking here. Do you see in your
 testing or the source code something different from what is described
 in the document?

No, I am trying to understand if what I understand* from the
documentation is correct.

* sorry for the repetition
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] leap second warning bits in practice

[Marco Marongiu]

On 13/05/15 11:03, Miroslav Lichvar wrote:
 On Tue, May 12, 2015 at 11:33:31AM +0200, Marco Marongiu wrote:
 On 12/05/15 11:28, Marco Marongiu wrote:
 Hi there

 In http://doc.ntp.org/4.2.6p5/ntpd.html#leap I read: If the leap is in
 the future less than 28 days, the leap warning bits are set.

 What are the practical consequences of the warning bits being set? Will
 they cause the leap second to be armed in the kernel eventually? What if
 the kernel discipline is disabled?

 To be a bit clearer, further down it says When a majority of the
 survivors show warning, a leap is programmed at the end of the current
 month. What does that programmed stand for...?
 
 I think it means setting of the leap status that's reported in NTP
 packets and if the kernel discipline is enabled it also sets the
 kernel leap status bits.
 

Thanks for your answer Miroslav

I don't think it's the case. In the linked doc, the sentence right after
the quoted one says:

If in the future less than 23 hours, the kernel is armed to insert one
second at the end of the current day

I understand that the leap second is not armed in the kernel if only the
warning is set. Rather, it seems that the warning is used by a client to
understand if it should believe its upstreams when they claim there will
be a leap second by this month.

I think my interpretation is correct but I'd really appreciate if
someone could either confirm or clarify, so that I/we know exactly what
to expect.

Thanks
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] leap second warning bits in practice

[Marco Marongiu]

Hi there

In http://doc.ntp.org/4.2.6p5/ntpd.html#leap I read: If the leap is in
the future less than 28 days, the leap warning bits are set.

What are the practical consequences of the warning bits being set? Will
they cause the leap second to be armed in the kernel eventually? What if
the kernel discipline is disabled?

Thanks, ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] leap second warning bits in practice

[Marco Marongiu]

On 12/05/15 11:28, Marco Marongiu wrote:
 Hi there
 
 In http://doc.ntp.org/4.2.6p5/ntpd.html#leap I read: If the leap is in
 the future less than 28 days, the leap warning bits are set.
 
 What are the practical consequences of the warning bits being set? Will
 they cause the leap second to be armed in the kernel eventually? What if
 the kernel discipline is disabled?

To be a bit clearer, further down it says When a majority of the
survivors show warning, a leap is programmed at the end of the current
month. What does that programmed stand for...?

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Trouble Simulating Leap Seconds

[Marco Marongiu]

23:59:59 of which timezone?
 Il 02/apr/2015 03:14 Jim Witschey jim.witsc...@datastax.com ha scritto:

 Hey all,

 I'm trying to simulate a leap second on a cluster of Ubuntu AWS
 instances via NTP, and I could use some help. I've set up a basic NTP
 server with a leapfile as described here:

 https://support.ntp.org/bin/view/Dev/LeapSecondTest

 The server's warning for the upcoming leap second seems to propogate
 to the clients, as I see `leap_armed` in the output for `ntpq -c rl`
 before midnight, and `leap_event` afterwards. However, when I loop
 `date -u` over the leap second, I don't see a leap second getting
 inserted -- I expect 23:59:59 to last for 2 seconds, but it doesn't.
 The time goes straight from 23:59:59 to 00:00:00 the next day.

 In addition, I don't see any information about inserted leap seconds
 in the logs when I search with `dmesg | grep leap` or `sudo grep leap
 /var/log/syslog`.

 Am I missing something? I can provide more information on request.

 Jim Witschey
 ___
 questions mailing list
 questions@lists.ntp.org
 http://lists.ntp.org/listinfo/questions

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Wow, this was nice...

[Marco Marongiu]

On 12/03/15 00:09, Harlan Stenn wrote:
 Charles Babcock wrote an article about NTP and me and NTF and ...
 
 http://www.informationweek.com/it-life/ntps-fate-hinges-on-father-time/d/d-id/1319432?
 

Argh...
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ntpd -x and leap seconds

[Marco Marongiu]

On 09/02/15 11:49, Miroslav Lichvar wrote:
 I was wondering what others think about handling leap seconds when
 ntpd is running in the slew only mode (-x option).
[...]
 In 4.2.6 was added support for leap seconds in the daemon loop and
 ntpd now steps the clock by calling settimeofday() or clock_settime(),
 even if the step threshold (set by -x or tinker step) is larger than
 one second.

That was my plan (actually using tinker for that and explicitly
disabling the kernel discipline). My tests three years ago suggested
that the clock wasn't stepped but maybe I was using 4.2.4?

Anyway, I'll let you know as soon as I can set some time aside to do
these tests.

Ciao
-- bronto


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Mitigating the ::1 spoof vulnerability

[Marco Marongiu]

Hi Harlan, and thanks. Comments below

On 06/02/15 23:44, Harlan Stenn wrote:
 Debian Squeeze doesn't have a patched package available in the
  squeeze-lts series yet. On those clients would a restriction like
  
  restrict ::1 ignore
  
  mitigate the vulnerability?
 I think so, but it will also make it much harder to use ntpq and other
 things.

Sure thing, I'm aware of that. On the other hand, I don't need that on
the big majority of the nodes and, on those where I still need it, I can
still fall back to IPv4's 127.0.0.1.


 It also won't do anything to protect other services that might
 use source ACLs for protection


Of course not. But we fix that on a per-site basis rather than locally
on each node.


 Better to:
 
 - fix your firewall rules to block ::1 incoming packets on external
   interfaces

Yep, see above.


 - just build 4.2.8p1 and install it

By the way, are there debian packages for 4.2.8p1? I wasn't able to find
any.

Many thanks, ciao!
-- bronto


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Mitigating the ::1 spoof vulnerability

[Marco Marongiu]

Hi David, and thanks for answering

On 06/02/15 14:44, David Woolley wrote:
 Debian Squeeze doesn't have a patched package available in the
 squeeze-lts series yet. On those clients would a restriction like

 restrict ::1 ignore

 mitigate the vulnerability?

 
 Sounds more like you need to fix the firewall.

That's understood and it's the advised solution. However, for reason I
can't elaborate here, I can't fire up a firewall on every node just for
this. If using restrict ignore would prevent the vulnerability to be
exploited, we'd be fine with that on pre-wheezy nodes.

What do you think?

Ciao
-- bronto


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] Mitigating the ::1 spoof vulnerability

[Marco Marongiu]

Hi there

I'm referring to this one in particular: ::1 can be spoofed on some
OSes, so ACLs based on IPv6 ::1 addresses can be bypassed.

Debian Squeeze doesn't have a patched package available in the
squeeze-lts series yet. On those clients would a restriction like

restrict ::1 ignore

mitigate the vulnerability?

Thanks
-- bronto


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Leap second to be introduced in June

[Marco Marongiu]

On 21/01/15 15:31, Mike S wrote:
 On 1/21/2015 2:10 AM, Mike Cook wrote:
 And one of the reasons why a significant portion of the computing
 community wants to get rid of leap seconds. A coverup for bad
 engineering practices.
 
 That's right. Instead of recognizing that the world rotates on it's own,
 they want to change reality so the world rotates around them. Lazy ass
 programmers, trying to claim that leap seconds cause issues, when it is
 software which doesn't handle time properly which is the root cause.

Two days ago I've been interviewed by the Italian national radio
broadcaster about the leap second. It was between 11:30-12:00 Rome time.

Closing the interview the host asked me I guess you would be happy if
the leap second was suppressed, you'd have quite less problems to
handle, wouldn't you?!. And I replied I'd actually be happier if
programmers did their job properly, for example not assuming that a
minute always lasts 60 seconds, no matter what.

Funny that 3 hours later, on the other side of the planet, you have
written the same thing...

It's a +1 from me, too. I guess it was clear ;-)

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Leap second not handled correctly on Windows 8

[Marco Marongiu]

On 19/01/15 09:25, Martin Burnicki wrote:
 Marco Marongiu wrote:
 On Linux it worked correctly... That is?
 
 Yes. My first tests were more focused on Windows in different versions,
 and I used just another Linux box with a simple setup (just NTP client,
 no leap second file) to compare the results against those from windows.
 
 I'm going to run more tests with different configurations and will post
 here if the tests pass or fail.

Hm, not sure I got everything but... OK, thanks ;-)
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Leap second not handled correctly on Windows 8

[Marco Marongiu]

On 19/01/15 14:47, Martin Burnicki wrote:
 Actually I've tested a 4.2.8 client on Linux which only receives the
 leap second warning from an upstream NTP server.
 
 There are other configuration options like presence of a leapsecond
 file, NTP server mode receiving the announcement from a refclock, etc.

I see

What I'll test starting (all probably) from February will be how the
leap second is handled by recent versions of the Linux kernel and how it
is handled by ntpd when kernel discipline is disabled. And then a number
of other cases that grows each day :-)

Yes, I'll share the results :-)

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTP Autokey - who is actively using it?

[Marco Marongiu]

On 15/01/15 03:06, Harlan Stenn wrote:
 I'm trying to figure out if anybody is actively using autokey, in a
 production deployment.
 
 If you are, please let me know - I have some questions for you.
 

That's in my TO-DO list since at least 2011. When I tried to configure
it at the time and on the ntpd version that was bundled with Debian
Lenny it didn't work properly. Whether it was because I f* it up or
because it wasn't properly implemented, I couldn't tell honestly.

In short: using now, no; will use in the future, definitely yes!

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Leap second to be introduced in June

[Marco Marongiu]

On 12/01/15 06:10, William Unruh wrote:
 I also admit I do not know how windows impliments leap
 seconds. 

I don't have a reference, but I remember that at the time of the latest
leap second I read that Windows will half the clock speed at 23:59:59 so
that it reaches 00:00:00 at the right time. It pays the price of being
wrong for two seconds in order to save the system from a discontinuity.

But again, I read it in 2012 somewhere I don't have a reference of, and
things may have changed since then.

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Leap second to be introduced in June

[Marco Marongiu]

On 12/01/15 11:48, Martin Burnicki wrote:
 Fortunately Dave Hart had some time to have a closer look at this, and
 fix it for 4.2.6, so unless something has been broken again in the mean
 time it should be fixed in 4.2.6 and later, and should work correctly.

Let me understand: you mean that in 4.2.6 ntpd will slew down the clock
by two seconds on systems where you can't notify the kernel?

If so, does it also mean that it would do the same when you disable the
kernel discipline by adding a disable kernel in ntp.conf?


 I'm planning to do some testing soon to verify this.

If you shared the results of your testing when you're done, that would
be great ;-)

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] Leap second to be introduced in June

[Marco Marongiu]

Get ready, fellows. It's coming again.

-- bronto


 Forwarded Message 
Subject: Bulletin C number 49
Date: Mon, 05 Jan 2015 14:25:49 +0100
From: IERS EOP Product Center services.i...@obspm.fr
Reply-To: IERS EOP Product Center services.i...@obspm.fr
To: bulc.i...@obspm.fr




 INTERNATIONAL EARTH ROTATION AND REFERENCE SYSTEMS SERVICE (IERS)

SERVICE INTERNATIONAL DE LA ROTATION TERRESTRE ET DES SYSTEMES DE REFERENCE

SERVICE DE LA ROTATION TERRESTRE DE L'IERS
OBSERVATOIRE DE PARIS
61, Av. de l'Observatoire 75014 PARIS (France)
Tel.  : 33 (0) 1 40 51 22 26
FAX   : 33 (0) 1 40 51 22 91
e-mail: services.i...@obspm.fr
http://hpiers.obspm.fr/eop-pc

  Paris, 5 January 2015

  Bulletin C 49

 To authorities responsible for the measurement and distribution of time



   UTC TIME STEP
on the 1st of July 2015


 A positive leap second will be introduced at the end of June 2015.
 The sequence of dates of the UTC second markers will be:   

  2015 June 30, 23h 59m 59s
  2015 June 30, 23h 59m 60s
  2015 July  1,  0h  0m  0s

 The difference between UTC and the International Atomic Time TAI is:

  from 2012 July 1,0h UTC, to 2015 July 1  0h UTC  : UTC-TAI = - 35s
  from 2015 July 1,0h UTC, until further notice: UTC-TAI = - 36s



 Leap seconds can be introduced in UTC at the end of the months of December
 or June, depending on the evolution of UT1-TAI. Bulletin C is mailed every
 six months, either to announce a time step in UTC or to confirm that there
 will be no time step at the next possible date.


  Daniel Gambis
  Head
  Earth Orientation Center
of IERS
  Observatoire de Paris, France


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] No association ID's returned after a period of time

[Marco Marongiu]

On 12/18/2014 01:08 PM, saxenaakas...@gmail.com wrote:
 I have configured NTP version 4.2.6 server on fedora 20 machine.
 server side I am using local system time and given a broadcast subnet
 and all other options are disabled and on client's side I enabled
 only broadcast client. I haven't given server's address as according
 to my understanding server should broadcast NTP packets and client
 will automatically listen NTP packets and will get sync. but my NTP
 client is not syncing with server. please help me with all
 possibilities.

Can you please post the config for the server and a client?
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTP roadmap (was Re: Poul-Henning Kamp and re-write of NTP)

[Marco Marongiu]

On 08/12/14 04:00, Harlan Stenn wrote:
 Several more volunteers (coders and sysadmin typs) would be great,
 too.

Can you please elaborate on what kind of help do you need from sysadmin
folks, please?

Ciao!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] restrict -4/-6?

[Marco Marongiu]

On 11/11/2014 10:17 AM, Harlan Stenn wrote:
 Does anybody have a good reason why we should keep these around for the
 'restrict' case?

No good reason to keep that, but I'd still support them by making those
options no-ops and throwing a warnings both on console and syslog.

-- M

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] three questions about ntpd, kvm-clock and clock speeds

[Marco Marongiu]

 Apologies for this question not being 100% pertinent to ntpd, but I'd
 need an authoritative answer and there is no place like this list to
 find real expert of computer clocks and time synchronization.
 Too many wannabes and professed experts out there.
 
 Plenty here too?

Possibly. But the good ones are well known here.


 Why not ask @ linux-kvm.org ?
  They should know the specifics
   of their implementation of virtualization better than others?

You chose the right verb and tense, they _should_:

From the KVM FAQ:
http://www.linux-kvm.org/page/FAQ#I.27m_experiencing_timer_drift_issues_in_my_VM_guests.2C_what_to_do.3F

Two IMHO and one Perhaps don't really build confidence in me that
the person who wrote that answer was expert in the subject. Sure, I may
have better luck in a mailing list there but... h


 https://s19n.net/articles/2011/kvm_clock.html

I knew this one: old, outdated, almost a verbatim copy of the Red Hat
document below, doesn't really explain how things work and, in
particular, what are the effects of selecting the kvm-clock clocksource.


 https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Administration_Guide/chap-Virtualization-KVM_guest_timing_management.html

As above, aside that it's not the verbatim copy of the document below ;-)


 http://doc.opensuse.org/documentation/html/openSUSE_114/opensuse-kvm/cha.libvirt.config.html#sec.kvm.managing.clock

I knew this one, too. Doesn't even say how to enable the kvm-clock
clocksource if it's not already. Doesn't say a word about what that
setting is supposed to do.


 http://th.oughts.org/2014/04/kvmclock.html

I didn't know this one, it seems fairly recent (presumably April 2014).
It was better in that the author seems to know what he's talking about.
Still it doesn't clearly answer my quests.

I've also found this thread, for what it's worth:
http://ubuntu.5.x6.nabble.com/Questions-about-KVM-Clock-and-NTP-for-Ubuntu-Guests-td5022402.html

As with the email I started this thread with, it makes a number of
speculations and asks someone to confirm his findings. And that doesn't
happen. And then he updates the Ubuntu wiki:
https://help.ubuntu.com/community/KVM/FAQ#Should_NTP_be_used_for_time_synchronisation.3F

where the recommendation is to... use NTP on guests (ugh...). He also
speculates that kvm-clock exposes the host time to the guest, but that
doesn't neither match my experience nor the article at th.oughts.org


 I didn't collect any data but so far it turned out that, once syncing
 the VM's system clock to a reliable source via ntpdate, and then syncing
 the VM's hardware clock with the system clock via hwclock --systohc,
 everything seems to stay in sync,
 
 Try ntpd.exe -g ... instead of ntpdate first?

I was expecting this one...

ntpd -g would require a valid configuration file to be present
somewhere. Sure one could do

echo server ntp.example.org  /etc/ntp.conf  ntpd -gq

but ntpdate ntp.example.org is way more handy so, like it or not,
ntpdate is going to stay for a long time, even after it's retired.

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] three questions about ntpd, kvm-clock and clock speeds

[Marco Marongiu]

Hi all

Apologies for this question not being 100% pertinent to ntpd, but I'd
need an authoritative answer and there is no place like this list to
find real expert of computer clocks and time synchronization. Too many
wannabes and professed experts out there.

I have some empirical experience about clock synchronization in KVM
environments on Linux that can definitely use the scrutiny of
knowledgeable eyes to be properly confirmed or refuted.

On the web many (supposedly) authoritative sources disagree about how
clocks should be synced on KVM hosts and VMs. You can find both those
who say that ntpd should run on both sides and others that advise for
having ntpd just on the host and have the VMs use the kvm-clock
clocksource to follow the host's clock (but they don't say what
follow exactly means). I am part of the latter current of thought and
that's how we usually set our VMs.

However, we saw a number of VMs that, once set to use kvm-clock set,
didn't correct their offset, which seemed to stay more or less constant
compared to the host's clock. A further check showed how the system
clock on the VM was also offset from the VM's hardware clock. This
latter finding is no surprise: it's quite normal that the hardware clock
and the system clock can drift apart if there is no external
intervention to keep them in sync.

In turn, the VM's hardware clock could be offset from the host's
hardware clock (which is in sync with the host system clock via ntpd). I
don't know why it is but that can make sense, too, since you want the
two clocks to evolve in the same way over time (have the same speed)
while they must be able to sport different times (e.g.: the hw clock on
the host may be set to UTC while the one on the VM could be set to
localtime). This accounts for a first question:

Q1: is this what happens when using the kvm-clock clocksource? That is:
does it sync the speed of the two hardware clocks leaving the time on
the clocks independent?

In that case, follow would mean run at the same speed, may have a
different time.


I didn't collect any data but so far it turned out that, once syncing
the VM's system clock to a reliable source via ntpdate, and then syncing
the VM's hardware clock with the system clock via hwclock --systohc,
everything seems to stay in sync, which makes for the second question:

Q2: when using the kvm-clock clocksource and assuming that the answer
for Q1 is positive, is the speed of the VM's system clock also synced
with the hardware clocks'?


If so, then everything is cut and dry: with the kvm-clock clocksource
we'd have:

host hw clock speed == VM hw clock speed == VM sys clock speed

And putting ntp and ntpd in the picture:

time from ntpd -- host sys clock -- host hw clock

so that if we align the time on the VM's clock with the time from an NTP
source:

NTP time --[ntpdate]- VM sys clock --[hwclock --systohc]- VM hw clock

then we'd have

VM sys clock ~~ host sys clock


Q3: how correct, or how wrong, is all this?


Thanks in advance for your wisdom
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Best practices

[Marco Marongiu]

On 09/15/2014 09:54 AM, Brian Inglis wrote:
 You could also set up your routers as stratum 3 peering with other
 nearby routers and using some nearby Linux hosts as stratum 2 servers.

call me picky, but I strongly prefer that routers mind their own
business, at which they are supposed to be good, and leave to other
devices the role of NTP servers, at which their performance has never
impressed me.

-- M
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Best practices

[Marco Marongiu]

I understand that clients in one DC will use both the NTP servers in the
same DC and in the other one. Is my understanding correct?

On 09/04/2014 10:03 AM, Mike Edwards wrote:
 The DCs support remote offices. I am thinking of configuring the
 Linux hosts with 3 time servers, the two at the closest DC, and one
 from the other DC.

the downside of this configuration is that if you lose connectivity to
the DC that provides the single NTP server, you'll end up with the
clients using two NTP servers, which gives poor results.

I believe you can mitigate this in two ways:

1) have three servers in each DC and have the clients in the remote
offices connect to all the six of them -- if you lose connectivity to
one DC you will still run on more than two servers

2) use the configuration you mentioned but have the clients in the
remote offices prefer one of the servers from the DC that serves two.
This way you'll make ntpd trust (so to say) more one of the two and
partially mitigate the bad side effects of having two.

my 0.02

Ciao!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Windows-ntp on a vps creates a bigger and bigger delay?

[Marco Marongiu]

On 09/03/2014 08:51 AM, David Woolley wrote:
 On 01/09/14 17:01, gooly wrote:

 I just installed ntp on my Win 7 pc where it runs perfectly the
 difference is around 0,5 sec.
 
 500ms is very bad.
 

 Then I installed ntp on my 2008 R 2vps where the delay gets bigger and
 bigger, around 12 sec per 30 min ??
 
 ntpd requires the basic drift rate of the platform to be somewhat less
 than 500 ppm and a good platform will have drift of less than 20 ppm
 with a variability of less than a couple of ppm.  6667 far exceeds this
 and you need to fix that problem before you try to run ntpd.

Add that ntpd and virtual machines don't play nice together as it is
like the processor of the VM is always changing its speed.

-- M

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTP and DoS attacks

[Marco Marongiu]

Il 02/20/2014 06:21 AM, Harlan Stenn ha scritto:
 Folks,
 
 Just in case you might be interested, I published a blog post about NTP
 and the recent attacks:
 
  http://nwtime.org/ntp-winter-2013-network-drdos-attacks/

The site is not reachable at the moment. Maybe it's under attack? :)

-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NTP request retry?

[Marco Marongiu]

On 01/26/2014 08:08 PM, Rob wrote:
 My hypothesis is that the ARP entry for the NTP server has timed out,
 and when ARP has to resolve an entry in some implementations the first
 packet is always lost (it is not cached pending a reply).
 When the cycle is 1024 seconds, the ARP entry has again timed out the
 next poll cycle and the issue is the same.

If you believe that it is the problem, and you own the servers you're
polling, then you may set maxpoll so that the polling interval is always
smaller then the ARP cache timeout.

Please *don't* do that if you're querying public servers: rather verify
your hypothesis and, if you're right, see if you can solve the issue
internally. If you can't, check with the public server owners if you can
have a few machines with short polling intervals, get their permissions,
then configure your internal servers and have your machines point to them.

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] simple nt.conf cases for ntp-client

[Marco Marongiu]

Il 01/24/2014 12:09 AM, David Woolley ha scritto:
 3) second filter: a new value for the error that fits the majority of
 these C references is calculated; the L references that don't fit in
 this error interval are called outlyers; the S=C-L references that
 remain are considered;
 
 Ones that don't fall within the the largest mutually consistent set of
 error bounds are called false tickers, not outlyers.

Right, my fault. The outlyers are those N-C that remain from step 2).
Apologies, and thanks for pointing it out.

-- M

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] simple nt.conf cases for ntp-client

[Marco Marongiu]

Il 01/23/2014 09:42 PM, Brian Inglis ha scritto:
 According to book Expert Network Time Protocol from PETER RYBACZYK:

 I don't have that book. I'd appreciate that anyone in this list that has
 reviewed the book can give their opinion about it.
 
 http://newsgroups.derkeiler.com/Archive/Comp/comp.protocols.time.ntp/2005-10/msg00021.html
 
 -- see DLM's recommendation? ;^

An authoritative endorsement, definitely :) Thanks!

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] simple nt.conf cases for ntp-client

[Marco Marongiu]

Hi Peter

In your questions, you are showing configuration snippets as they were
taken from some authoritative source. Would you mind sharing that source?

As for me, I consider the following to be *the* authoritative sources
for anything NTP:

http://www.eecis.udel.edu/~mills/ntp/html/index.html
http://doc.ntp.org/
http://support.ntp.org
http://www.ntp.org/ntpfaq/NTP-a-faq.htm

That said, let's see.

On 01/23/2014 08:29 AM, ardi wrote:
 Below are described some basic cases for ntp.conf on ntp-client:
 
 a)
 In the simplest case of ntp-client the following ntp.conf is defined:
 
 restrict default noquery nomodify notrap
 restrict 127.0.0.1
 driftfile /var/lib/ntp/ntp.drift
 server xx.xx.xx.xx minpoll 4 maxpoll 4 
 restrict xx.xx.xx.xx
 
 Why should i need the restrict line xx.xx.xx.xx?
 What does the first restrict line means?

First things first: why minpoll and maxpoll? The defaults are generally
OK -- I had to change that manually only in special cases, and I can
count them on one hand.

Regarding restrict, everything you need to know about noquery, nomodify,
notrap is here, along with all the information about that directive:
http://doc.ntp.org/4.2.6p5/accopt.html

If you need some guidance to select the right restrictions that work for
you, please see
http://support.ntp.org/bin/view/Support/AccessRestrictions


 b1)In case using 2 ntp-servers from which my ntp-client can get time,
 is my ntp-client taking time from xx.xx.xx.xx
 and if this server is not reachable then from xx.xx.xx.yy?

First: don't use two servers, it's the worst possible configuration.

The server selection algorithm and why you should use four servers
whenever possible is sketched here:

http://www.ntp.org/ntpfaq/NTP-s-algo-real.htm#Q-NTP-ALGO


 What does prefer do in this case b2)?

See this page, section The prefer Peer, after reading the reference
above. In short: if the server marked with prefer is selected as a
survivor, it will be preferred among all other survivors -- it will be
used when the algorithm would otherwise have selected another server.
http://doc.ntp.org/4.2.6p5/prefer.html


 Is there any difference between b1) and b2) case?

This is left as an exercise to the reader :)


 b3)
 what about this case b3) below?
 Is time taken for the ntp-client according to order of lines - i mean the 
 xx.xx.xx.xx is taken as time source?
 or the 2nd server xx.xx.xx.yy is preferred?

This should be fairly clear now, if you took the time to check the
references I've mentioned.

I'd be really curious to check the source of your snippets. Is it a web
page we can take a peep at?

Ciao!
-- bronto


___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] simple nt.conf cases for ntp-client

[Marco Marongiu]

On 01/23/2014 11:00 AM, ardi wrote:
 On Thursday, January 23, 2014 9:36:35 AM UTC+1, Marco Marongiu wrote: Well, 
 I have come across almost all of the pages, you are mentioning below,
 but it seems, i have combined the info wrongly for my example...:-)

:-)


 Does it mean these minpoll, maxpoll parameters are not needed in most
 of the cases?

Yes, that's what I mean.


 According to book Expert Network Time Protocol from PETER RYBACZYK:

I don't have that book. I'd appreciate that anyone in this list that has
reviewed the book can give their opinion about it.


 The minpoll and maxpoll parameters represent minimum and maximum
 polling intervals for reference clock messages in seconds to the
 power of 2. For example, if minpoll=3 and maxpoll=4, the minimum
 polling interval would be 8 seconds, and the maximum polling interval
 would be 16 seconds.
 
 What does minimum and maximum polling intervals for reference clock
 messages mean?
 polling = messaging with NTP servers to estimate the offset ???

Yes, but you don't need to query the servers every 16 seconds. Normally,
once a peer is selected, ntpd gradually extends the polling interval
from 64 to 128 seconds, to 256, 512, and finally 1024. Querying every 16
seconds is a bit obsessive and doesn't bring much more accuracy than the
standard settings. Not to mention that your references may rate limit
you, or refuse to talk to you altogether.


 First: don't use two servers, it's the worst possible configuration.
 
 Why not? what if one of the servers fail? then the client can get time from 
 the other ntp-server.

Please, read this section and my previous message carefully:
http://www.ntp.org/ntpfaq/NTP-s-algo-real.htm#Q-NTP-ALGO

I am not saying that you should use only one server: I am saying that
using two is bad, and that you should use four.

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] simple nt.conf cases for ntp-client

[Marco Marongiu]

On 01/23/2014 12:52 PM, ardi wrote:
 Reading: http://www.ntp.org/ntpfaq/NTP-s-algo-real.htm#Q-NTP-ALGO
 
 Two time sources cannot be split into two parties where one has a majority.
 What does this majority means?

It's in the sentence: all values must lie within the error interval the
majority of candidates defines

I am about to have all the real NTP gurus in this list bash me hard for
what I am about to write, but I am willing to help once more. Very
informally, and with *no* rigour whatsoever, this is a sketch of what
happens:

1) data collection: N references are queried, returning the time and an
estimation of their error;

2) first filter: among those N, C references are selected that have a
dispersion lower than a maximum
(http://en.wikipedia.org/wiki/Statistical_dispersion); those are called
candidates;

3) second filter: a new value for the error that fits the majority of
these C references is calculated; the L references that don't fit in
this error interval are called outlyers; the S=C-L references that
remain are considered;

4) peer selection: among the references in S, the one that has the
smallest dispersion is selected, and ntpd will follow it until the
next evaluation of the data collected from the sources.

If you have just two references, the step 2) doesn't bring you anywhere
as it is impossible to reach a majority. It's like you're skipping step
2), and the results lose accuracy.

If you have three references it's OK, but should one fail you fall back
into the two-server case. To reliably survive to the failure of one
source, you need to have 4 references.

I hope it is clearer now, because if it's not, I can't help further :)

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] simple nt.conf cases for ntp-client

[Marco Marongiu]

On 01/23/2014 04:16 PM, Brian Utterback wrote:
 On 1/23/2014 8:06 AM, Marco Marongiu wrote:
 If you have just two references, the step 2) doesn't bring you anywhere
 as it is impossible to reach a majority. It's like you're skipping step
 2), and the results lose accuracy.
 
 Not to put too fine a point on it, but if you have two servers and one
 of them has the correct time and one is way off, with only two servers
 the one that is far off is just as likely to be chosen as the correct
 one. Worse still is you are subject to clock hopping, where each of
 the two servers are chosen alternately. Most news versions of NTP have a
 certain amount of server stickiness built in to suppress clock
 hopping, but it can still occur, especially if your servers reboot
 frequently. Clock hopping can destabilize the frequency correction
 feedback loop which in turn can lead to increasingly large clock
 offsets. Not what you want.

Thanks for pointing out this Brian, it was not a detail. And it's often
referred to with the sentence a man with two clocks never knows what
the time is (or a similar sentence in correct English :)

Ciao
-- M

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] simulate leap second

[Marco Marongiu]

Il 12/27/2013 04:27 AM, Williams Catherine ha scritto:
 I want to simulate leap second case. I have one linux server as NTP server.
 How can I make the server get leap second indicate?

I did leap second simulations before the latest one, and wrote a blog
post with some detail. Check this: http://wp.me/p3wWVC-4Y

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] DDOS attacks and NTP

[Marco Marongiu]

Hi all

A colleague contacted me yesterday and asked:

 You being somewhat tied to the NTP world, hear anything about public
 NTP servers being used for amplification in ddos attack?

I haven't heard anything about that. Have you? In case, anything you can
share about that?

Thanks, ciao!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] DNS resolution on ntpd

[Marco Marongiu]

 I looked up dns, resol, and ip to no avail.
  Am I missing something?
 
 Maybe dynamic or pool?
 
 
 http://archive.ntp.org/ntp4/ChangeLog-dev

Thanks!
-- M
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] DNS resolution on ntpd

[Marco Marongiu]

Il 08/05/2013 07:40 PM, Steve Kostecke ha scritto:
 The ChangeLog for production releases may be viewed on-line at
 http://archive.ntp.org/ntp4/ChangeLog-stable
 
 The documentation for production releases is archived at
 http://doc.ntp.org

Thanks Steve, I knew the doc website, but not the changelog.

However, the only related thing I found is

* [Bug 987] Wake up the resolver thread/process when a new interface has
  become available.

I looked up dns, resol, and ip to no avail. Am I missing something?

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] DNS resolution on ntpd

[Marco Marongiu]

Hi all

I think I remember that older versions of ntpd did name resolution only
upon start, while more recent ones check the name/IP association every
once in a while.

Assuming I remember well, in which version was this change introduced?
Are there configuration options that control this behaviour?

Thanks, ciao!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ntp architecture

[Marco Marongiu]

On 24/05/2013 07:42, Riccardo Castellani wrote:
 What do you think for my architecture about this configuration in my ntp.conf 
 for all 3 servers:

I never use them

Ciao!
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] ntp architecture

[Marco Marongiu]

On 21/05/2013 14:31, Riccardo Castellani wrote:
 n.4 srv Internet-- server A
 
 server A -- server B
 server 
 A -- server C
 
 
 
 A is my internal source
 B,C are cluster machine so hardware 
 is reliable but I don't want to present these servers directly  on pubblic 
 network

My comments:

1) two servers is maybe the worst situation; use one, or three, or four
if possible, but not two.
See http://www.ntp.org/ntpfaq/NTP-s-algo-real.htm#Q-NTP-ALGO

2) both servers pointing to A: A is a single point of failure. If A
dies, B and C will both be left to their own devices.

I had a similar problem -- I needed to feed clients in a private network
that were not NAT'ed to the public network, and did as follows.

I have four servers on the public network, Pu1..Pu4; each of those
server uses four different public sources, and no public source is
shared between two different servers (so they are 16 in total).

I have four servers on the private network, Pr1..Pr4. Each one of them
uses Pu1..Pu4 as sources, but PrX marks PuX as preferred. This way, in
normal conditions they all follow a separate source (in a sense, PrX is
a repeater of PuX in the private network).

If a public servers fails, say Pu1, then Pr1 will follow the one among
Pu2..Pu4 it thinks it's the best. The service on both public and private
will be a bit degraded, but the resulting configuration will still be
good enough to give us time to fix problems safely.

HTH

Ciao
-- bronto

___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] NIST vs. pool.ntp.org ?

[Marco Marongiu]

Il 03/27/2013 10:24 PM, unruh ha scritto:

You do NOT want to hard code anything into your program. That is
extremely bad form, unless that address is one controlled by you.


Indeed. Robert, please see:

http://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse

and in particular:

http://en.wikipedia.org/wiki/NTP_server_misuse_and_abuse#D-Link_and_Poul-Henning_Kamp

a notable case among already notable cases...

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] how to configure ntp for conditional use of servers, depending on my LAN status?

[Marco Marongiu]

On 09/01/13 20:21, dar8...@eml.cc wrote:
 i'm not sure if/how to implement this conditional fallback 'logic' for
 ntp's server selection.

I had a similar problem, and I use cfengine to solve that: depending on
the network to which I am attached, my ntpd gets a different
configuration: Italian pool servers when I am in Italy, Norwegian pool
servers when I am in Norway, but not in the office; and our office
servers when I am in the office

You can find some information about my location detection policy here:
http://my.opera.com/marcomarongiu/blog/2012/11/24/location-detection-in-cfengine

I shall write a post to describe the policy I use to write ntp.conf and
restart the service. Unfortunately, I've been quite busy lately and
wasn't able to make some room for that.

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] WARNING: someone's faking a leap second tonight

[Marco Marongiu]

On 01/08/12 04:40, jclerm...@gmail.com wrote:
 Yes, this affected us.  Can someone explain why this was done?  Was
 it designed to be a test of some kind?  The Linux leap second kernel
 bug that was discovered a month ago was only patched on July 17; that
 patched kernel has presumably not made it to many (most?) people yet.
 So if it's a test it seems wildly premature.

I tried to collect some information around the globe, but with scarce/no
feedback. I am *suspecting* that this could be a rather imaginative
attempt to DOS worldwide.

Anyway, a colleague of mine is now hunting down some upstreams that
faked the leap second. If we get something out of his research, I'll let
you know.

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] WARNING: someone's faking a leap second tonight

[Marco Marongiu]

On 01/08/12 10:28, Marco Marongiu wrote:
 I tried to collect some information around the globe, but with scarce/no
 feedback. I am *suspecting* that this could be a rather imaginative
 attempt to DOS worldwide.
 
 Anyway, a colleague of mine is now hunting down some upstreams that
 faked the leap second. If we get something out of his research, I'll let
 you know.

While my colleague is working with a stratum 1 timekeeper to investigate
this better, I called the people at INRiM in Italy -- INRiM is the
institution responsible for the official Italian time
(http://www.inrim.it/index.shtml). Mr.Pettiti confirmed there was *no*
leap second scheduled yesterday (as we all suspected, right?), so that
is definitely a fake.

It may well be a DOS attempt, but as another colleague of mine suggests,
it could also be a bug in some upstream servers, which didn't disarm the
leap second after June 30th, and propagated it again yesterday.

Question now is: assuming those servers were running ntpd, was such a
bug reported at some point?

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] WARNING: someone's faking a leap second tonight

[Marco Marongiu]

On 01/08/12 14:58, Marco Marongiu wrote:
 Question now is: assuming those servers were running ntpd, was such a
 bug reported at some point?

Plus, another question. If one uses the leapfile, are spurious leap
second notifications like this one discarded?

From the docs at http://doc.ntp.org/4.2.6/ntpd.html#leap I can't
understand if the leapseconds file is authoritative at the point that,
if a leap second notification is received for a leap second not in the
file, it is discarded. If so, that would help to avoid spurious leap
seconds like this one.

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] WARNING: someone's faking a leap second tonight

[Marco Marongiu]

Hi all

This is just to warn you that there are now some NTP servers around the
globe spreading a leap second announcement for tomorrow 00:00:00 UTC
(so, basically, in a few hours now).

If you didn't take action before the leapocalypse last month, you better
hurry now.

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] leap announcement hangups and kernel discipline

[Marco Marongiu]

Hi all

I assume everyone has read the reports about the mess connected to the
announcement of a leap second and bugs in Linux and Java. Anyway,
reports suggest that the calls of adjtimex by ntpd, related to the leap
second announcement, made the Linux kernel hang in heavy load conditions.

My question is: would that have happened if the kernel discipline was
disabled with disable kernel?

Thanks in advance

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

[ntp:questions] leap second happens on...

[Marco Marongiu]

...on June 30th/July 1st transition, so we'll have:

June 30th 23:59:59
June 30th 23:59:60
July 1st  00:00:00

The question is: does it happen at 00:00:00 UTC (so it must be shifted
ahead/behind depending on the timezone) or, by convention, it happens at
00:00:00 at the local timezone?

I am quite sure the first is the right one, but a colleague of mine
asked me the question well enough to make a doubt arise in my brain :)

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] leap second happens on...

[Marco Marongiu]

On 25/05/2012 15:01, Miguel Gonçalves wrote:
 It happens at 23:59:59 UTC: 
 ftp://hpiers.obspm.fr/iers/bul/bulc/bulletinc.dat
 
 The bulletin states that the leap second is introduced at the end of
 June so 00:00:00 is not a possibility because it is already July.

thanks a lot Miguel!

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions

Re: [ntp:questions] Failed to test leapsecond's handling

[Marco Marongiu]

Hi Martin, all

On 12/03/12 12:16, Martin Burnicki wrote:
 In my post from the earlier thread I wrote:
  Then you should set UTC time on that server close to (maybe 1 or 2 hours 
  before) midnight for the correct leap second date, e.g. 22:00 UTC on 
  June 30, 2012, and start ntpd on the server.

Erm... I know, but I couldn't leave two hours between each two tests, so
I was trying to find a shorter working interval. Unfortunately, when
they didn't work, this didn't come to mind immediately.


  I don't know if leap seconds are handled better in more recent kernels.
 A very quick look at the sources of some Linux kernel versions seems to
 indicate that the time interpolation during the leap second has been
 removed and replaced by simply stepping the clock back.
 
 Appearingly this has happened starting with kernel 2.6.23, where the
 function time_interpolator_update() isn't called anymore by the leap second
 handling code in  kernel/time/ntp.c.
 
 I haven't made some tests to verify that 2.6.22 still interpolates, but
 2.6.23 does not, though.

I have found this, not sure how much it is related:

http://forum.soft32.com/linux/PATCH-NTP-remove-clock_was_set-call-prevent-deadlock-ftopict346632.html

I am rather curious why they moved away from the advised handling to go
back to the stepped approach...

Ciao
-- bronto
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions