Re: Fedora 28 - python warnings

On Thu, May 10, 2018 at 9:44 AM, Gary E. Miller via devel wrote: > Yo Udo! > > On Thu, 10 May 2018 17:30:05 +0200 > Udo van den Heuvel via devel wrote: > > > I built ntpsec 1.1.0 for the first time on the Feddora 28 platform. > > I noticed that they want to

Re: NTS, Big picture

On Wed, May 30, 2018, 1:05 PM Hal Murray via devel wrote: > One of the key areas that I'm missing is the plans for deployment. Are we > intending to use the normal certificate distribution mechanism as used by > the > web? That depends on time. Is there a way around that? Do we need our >

Re: What do I type to proofread a man page?

On Jan 6, 2018 1:27 AM, "Hal Murray via devel" wrote: after waf has built it. And/or where should I look to find that info? 'man man' or 'pinfo pinfo' reaveals that the respective programs have command line options -l and -f ___

Re: Attn: Install path debaters

On Jan 3, 2018 5:23 AM, "Ian Bruene via devel" wrote: > > We are on track to merging the solution in !615, if you have objections > please state them *soon*, together with a patch that fixes the problem. We > are rapidly approaching the planned mid-January 1.1 date. > > To snip

Re: ntpEntStatPktModeTable.... what is it? (NTPv4-MIB)

On Wed, Feb 14, 2018 at 12:46 PM, Hal Murray via devel wrote: > I think we answer mode 0 as a client mode. It's probably some legacy > stuff. > IIRC there never was a mode 0. In NTP0 those bits were reserved and set to 0. Mode bits did not show up until NTP1. Before that the

Re: Python GUI ??

On Feb 17, 2018 10:49 PM, "Hal Murray via devel" wrote: What do people recommend for a GUI package to use with python? I want to plot a graph of something and update it in real time by scrolling all the old data to make room for the new samples as they arrive. Google suggests

Fwd: Does ntpq have a command line history mechanism?

a patch that seems to resolve it on my system. presumably, it also reintroduces 'the Unicode issue'. Also, it does not document the change. Also I need to work on my mailing list nettiqutte. 0001.patch Description: Binary data ___ devel mailing list

Fwd: https://gitlab.com/NTPsec/ntpsec/commit/0a2bb57e7c0b13c9f54150773b8798102f4b593d

On Thu, Aug 9, 2018, 5:55 AM Udo van den Heuvel via devel wrote: > Hello, > > Why is NTP in uppercase? > > statistics directory /var/NTP/ does not exist or is unwriteable, error > No such file or directory > Probably because someone typod it wrong in another commit. 'NTP' is contained in neither

Re: https://gitlab.com/NTPsec/ntpsec/commit/0a2bb57e7c0b13c9f54150773b8798102f4b593d

It looks like that particular section of code dates back at least 19 years. It's in ntpd/ntp_util.c:54 grep also reveals that it is in the documentation for ntpd. ___ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel

Re: [ntp:hackers] u-blox reference clock driver

On Sun, Aug 12, 2018 at 5:50 PM Gary E. Miller via devel wrote: > I'll be happy if we can get a copy of his code. > old(?) kernel (etc) patches for linux: https://gitlab.cs.fau.de/snippets/28/raw?inline=false & freebsd: https://gitlab.cs.fau.de/snippets/29/raw?inline=false incompatible refclock

Re: My git pull is broken

On Fri, Aug 24, 2018, 5:11 PM Hal Murray via devel wrote: > > Did the history rewriting trash the notes or something? > > Thanks. That's the hint I needed. > > I think I created a note (whatever they are) ages ago when I was trying to > fix > a typo in a commit comment. > > > I had skipped the

Re: build error

On Thu, Nov 1, 2018 at 8:29 AM Udo van den Heuvel via devel < devel@ntpsec.org> wrote: > Hello, > > After the recent commits I get: > > [259/261] Processing build/main/tests/test_libparse > [260/261] Processing build/main/tests/test_ntpd > [261/261] Processing build/main/tests/test_libntp > a2x:

Re: ntpleapfetch

Temporarily fixed in !831 until IERS breaks it again. The cause was not printf as I supposed in #512 but instead the sed on the preceding line. JamesB192 On Tue, Oct 30, 2018 at 5:23 PM Michael Simpson via devel wrote: > Hi Folks, > > got this output from latest ntpleapfetch with the newly

Re: ntpsec | add mid 2018s leap-second.list file under ./etc (!839)

On Mon, Nov 5, 2018 at 9:38 PM Hal Murray via devel wrote: > > fallenpega...@gmail.com said: > > The distros have gotten used to pushing tzdata every 6 months. > > If we could get the leapsecond data into that package, it would be > ideal. > > It's already in the package they send to IANA and on

Re: ntpleapfetch broken on FreeBSD 11.2 or NetBSD 8.0

On Sun, Nov 4, 2018, 2:47 PM Hal Murray via devel > "function" seems not to work in sh scripts. > > I doubt if ntpleapfetch ever worked. I don't use it. This showed up with > the > bin_check addition. (Thanks!) > > Anybody recognize this? > > FreeBSD: > > [murray@ted3 ~/ntpsec/play]$

Re: new ntpleapfetch

On Fri, Sep 28, 2018 at 3:42 PM Hal Murray via devel wrote: > > The recent ftp=>https change to ntpleapfetch also changed the host from > NIST > to IETF. > > -LEAPSRC="ftp://ftp.nist.gov/pub/time/leap-seconds.list; > +LEAPSRC="https://www.ietf.org/timezones/data/leap-seconds.list; > > The IETF

Re: NIST unit rules and conventions

On Fri, Sep 21, 2018, 1:07 AM Sanjeev Gupta via devel wrote: > Paul, > > Personally, I find 25kg, 50ppm, 3m, more readable; but that is neither > here nor there. > > My concern is that the space between "25" and "kg" should be > non-breaking. Else, readability suffers badly. How do you do this

Re: NTS

Ian Bruene via devel : > I'm told that there is a document written by the resident crypto expert > describing NTS. Does anyone have it? We might need to see it if we are > planning on implementing what is in it you know... The latest draft I see is at

Re: Diagram hacking and UTF-8

On 1/18/19, Eric S. Raymond via devel wrote: > While I think I get exactly why JamesB192 unleashed ditaa on the flow > diagram in nts.adoc, I think it's overkill for this use. One of the > possible futures for this document includes large parts of it becoming > the header comment in a file named

devel/nts.adoc edits

I have an HTML/SVG render of a modified devel/nts.adoc at: http://www.jamesb192.com:8001/james/nts.html The source in in MR !894 at: https://gitlab.com/NTPsec/ntpsec/merge_requests/894 I would appreciate it if people would look at it and provide constructive criticism about the content. The

Re: More word to nts.adoc

On Mon, Jan 14, 2019, 12:30 PM Gary E. Miller via devel Yo Hal! > > On Mon, 14 Jan 2019 12:19:09 -0800 > Hal Murray via devel wrote: > > > When the NTP server is returning new cookies to the client, they are > > encrypted so that a spy can't track the client if it moves to a new > > IP Address

Re: The key-manahement argument

On Mon, Jan 21, 2019, 9:20 AM Achim Gratz via devel Hal Murray via devel writes: > >> My thought about how to enable NTS for the pool would involve requiring > a SRV > >> record lookup for NTS-KE > > > > That SRV lookup could return multiple names. Each would point to a > separate > > NTS-KE

Re: 'AnsiTerm' object has no attribute 'buffer'

On Wed, Jan 23, 2019, 12:18 PM Hal Murray via devel > Gary said: > > I'm getting an odd build error on one of my hosts. Ideas? > > I asked about the same quirk yesterday evening. No responses. > > What OS/Distro are you using? > > I've seen it on NetBSD and FreeBSD. I thought I had one on

Re: First round of my stupid questions about NTS

On Thu, Jan 17, 2019, 5:54 PM Hal Murray via devel > Ian Bruene said: > > NTS-KE needs cookie generation because it has to render onto the client > the > > initial cookie stock. > > Right. But it doesn't actually have to generate them itself. It could > also > get them from the NTP-server. > >

Re: The key-manahement argument

On Sat, Jan 19, 2019, 2:50 PM Richard Laager via devel > neither is set: > > For a pool, behave as "nonts" (because the common pool case is a public > pool with volunteer servers that will not be able to present a valid > certificate for the pool). Actually, I think I came up with a way to NTS

Re: The key-manahement argument

On Sat, Jan 19, 2019, 5:35 PM Hal Murray via devel > > My thought about how to enable NTS for the pool would involve requiring > a SRV > > record lookup for NTS-KE > > That SRV lookup could return multiple names. Each would point to a > separate > NTS-KE server. > > An alternative approach would

Re: The key-manahement argument

On Sat, Jan 19, 2019, 4:30 PM Hal Murray via devel > > The NTS-KE servers would have to share NTS master keys (and cookie > formats!) > > with volunteer NTP servers. > > If you are interested in security, sharing a master key with many servers > seems like a bad idea - too many opportunities for

Re: Are we going to have a no-NTS-KE build option?

On Wed, Jan 23, 2019, 3:07 AM Hal Murray via devel > I'm thinking of updating INSTALL and/or devel/hacking.adoc to say > something > about pthreads and OpenSSL. > > If we did away with shared key authentication, we could potentially do > away > with needing libcrypto. Aside from authentication,

Re: puthon curses on NetBSD

On Tue, Dec 11, 2018, 3:00 AM Hal Murray via devel > I don't know why I didn't figure this out ages ago, but ... > > It's in a separate package rather than the main python package. > > Should we rip out the test for python curses? That makes curses a > requirement > for a clean build. > > Or are

Re: Leftover junk

On Mon, Dec 17, 2018, 12:48 PM Hal Murray via devel > I noticed another example. > > When we fixed install to skip ntpmon when it couldn't find curses, the > previous ntpmon was left installed. > > After installing curses, the old ntpmon --version would happily print out > the > current version

Re: ntpleapfetch on NetBSD

On Fri, Nov 30, 2018 at 11:09 AM Hal Murray via devel wrote: > It works if I change function foo to foo () > > Who is working on ntpleapfetch? Can I push a fix without stepping on WIP? > I was in !831, haven't worked on it for a while now as I think I had it ready for merge.

Re: Why is ntpclients/ntploggps.py in ntpsec rather than gpsd?

On Sun, Dec 9, 2018, 10:27 PM Hal Murray via devel > The only ntp-ism I can find is the version string. (and the name) > > > Context is an error message on a system that doesn't have gpsd installed. > It's not in our bin-check, but is in one of my old scripts. > I think because it started out

Re: Pending tasks

On Mon, Sep 17, 2018, 10:34 AM Eric S. Raymond via devel wrote: > Apologies for the daelay on this. Blame it on the Venusian Death Flu. > > We have several tasks in front of us on NTPsec. I want to get some > consensus from the tech team, and a strategy call from Mark, on how to >

Re: First NTS code

On 1/27/19, Eric S. Raymond via devel wrote: > I expect this module to be used by ntpd and a small ntske server > daemon. Because I don't believe incremental code is coing to be an > issue in any of our deployments, I've chosen an organization that > minimizes the exposed API and keeps both

Re: Cert pinning

On Sun, Mar 31, 2019, 4:47 PM Richard Laager via devel wrote: > On 3/31/19 5:07 AM, Achim Gratz via devel wrote: > > So yes, injecting the trust anchor(s) to use for a specific set of > > NTS-KE would be the easier option. > > How about this: > > 1) Add a root=file (or dir?) option. This

NTS: removed "not implemented" on server ca

On 4/2/19, Gary E. Miller via devel wrote: > And in the case of ostfalia, I only could get their root cert becuase I > was talking to the guy. Much more common case is I just have the end > cert. so, the file http://nts1-e.ostfalia.de/homePi/CLIENT/rootCaBundle.pem is not it then. I thought

Re: ✘Python 3.6.5 breaks build

On Wed, Mar 20, 2019 at 6:30 PM Gary E. Miller via devel wrote: > Yo All! > > Something recently broke in NTPsec when using Python 3.6: I thought I got that bug with a4453ee5a4 "Fix polyglot library for Python3 on NetBSD". Where did you see that? I tried to repro on Gentoo and could not. It

Re: REFCLOCK rises again

On Wed, Mar 6, 2019, 10:15 AM Achim Gratz via devel wrote: > In a nutshell, SIGHUP is already taken, but USR1 and USR2 are still > available. Thte idea is that one of these does the equivalent of > re-configuring via ntpq or a restart without loss of internal state (as > far as possible). >

Re: Mode 6 filter removal considered harmful

On Sat, Mar 16, 2019 at 11:33 AM Achim Gratz via devel wrote: > > As already briefly mentioned on IRC, the way the mode 6 messaging was > changed to do no filtering at all anymore doesn't really work nicely. > To wit here are two otherwise identical systems, one with and the other > without

Re: Tangle - cookie keys file

On 3/6/19, Hal Murray via devel wrote: > > Where should we put the file used to store the key used to make cookies? It > > gets read at startup and updated daily. > > Fedora and Debian put things like that in /var/lib/ntp/ > NetBSD and FreeBSD put them in /var/db/ntp/ > > There used to be a

reasoning behind nts_lib

I had a reason for structuring nts_lib the way I did. It was mostly because I have the wrong ideas about what I am doing. Most of the variables that could reasonably be needed and some that are are in the structs. I was trying (incorrectly) to make the code thread-safe. Anyway, not that I seem to

Re: [Git][NTPsec/ntpsec][master] 6 commits: nts.adoc: Capitalize a MUST

On 2/8/19, Hal Murray via devel wrote: > OpenSSL doesn't support what we need yet. > > Daniel has code that does. > https://github.com/dfoxfranke/libaes_siv > It doesn't build on NetBSD and gets warnings on FreeBSD. It gets warnings on Linux as well. But I'm guessing the variables 'block' of

Re: Crap from test_ntpd - python3

On 2/16/19, Hal Murray via devel wrote: > This is the can't find library problem when run with Python 3. > ::snip:: > File "/home/murray/ntpsec/play/wafhelpers/bin_test.py", line 74, in run > addLog("PINK", "Expected: " + breg) > TypeError: can only concatenate str (not "bytes") to str It

for parts not merging as-is

On 2/9/19, Hal Murray via devel wrote: >>> IANA maintains one. That's what we use on the wire. It's started in >>> RFC 5116. RFC 5297 covers the case we want. The magic number is 15. > >> I don't want magic numbnbers in config files. > > Then please write some code that translates

Re: Wildcards on cert host checking

On Wed, Feb 13, 2019, 2:30 PM Hal Murray via devel Amy reason to allow or prohibit them? > I think allowing them would simplify the pool case I proposed a while back, but it is less likely to be a problem due to letsencrypt. JamesB192 > ___ devel

Re: Wildcards on cert host checking

On 2/13/19, Gary E. Miller via devel wrote: > Yo James! > > On Wed, 13 Feb 2019 14:36:38 -0800 > James Browning via devel wrote: > >> On Wed, Feb 13, 2019, 2:30 PM Hal Murray via devel > wrote: >> >> > Amy reason to allow or prohibit them? >> > >

Re: The libaes_siv dependency

On Thu, Feb 14, 2019, 2:24 PM Eric S. Raymond via devel Daniel Franke : > > You probably don't want to auto-pull the latest HEAD every time it gets > an > > update; only releases get the full battery of QA. Note I'll probably be > > stamping a release this weekend since the last release from two

Re: NTS next steps

On 2/5/19, Eric S. Raymond via devel wrote: > Hal Murray : >> >> > 2. Put together client-side NTS support. This mainly means filling in >> >ntpd/nts.c, as I have already written required the hooks into the >> >protocol machine. >> >> We need code to generate cookies. And test code to

ntp_control.c was Re: The request side of NTS is working

On 2/19/19, Eric S. Raymond via devel wrote: > Hal Murray : >> The thing that gripes me about ntp_control is that for each of the tables >> >> mentioned above, there are actually 3 parallel tables and they are a long >> way >> apart so a pain to update. Maybe if we just interlaces the #defines

Re: ntp.conf changes for NTS

On 1/29/19, Gary E. Miller via devel wrote: > Yo Hal! > > On Tue, 29 Jan 2019 02:38:26 -0800 > Hal Murray via devel wrote: > >> The complicated case is when we want to specify the IP Address. How >> about: server ntp.example.com nts 1.2.3.4 >> or >> server ntp.example.com nts bob.example.com

Re: Python module mismatch.

On 1/30/19, Hal Murray via devel wrote: > > Gary said: >> Great, the python library mismatch code works: >> Library/Binary version mismatch >> Binary: ntpsec-1.1.3+ 2019-01-30T21:25:37Z (git rev ab0ea27cf) >> Library: ntpsec-1.1.3+ 2019-01-30T21:20:27Z (git rev ab0ea27cf) > > What did

Re: Python module mismatch

On 1/31/19, Gary E. Miller via devel wrote: > Yes. But not done. It likely broke the current Gentoo NTPsec ebuild > for git head. I have a patch for that. --- a/net-misc/ntpsec/ntpsec-1.1.2.ebuild +++ b/net-misc/ntpsec/ntpsec-1.1.2.ebuild @@ -28,11 +28,11 @@ NTPSEC_REFCLOCK=( shm pps

Re: ntp.conf changes for NTS

On 2/2/19, Gary E. Miller via devel wrote: > Yo James! > > On Sat, 2 Feb 2019 13:04:25 -0800 > James Browning via devel wrote: > >> > > But if no packets are lost, C2S and S2C will be used forever. >> > >> > Yeah, bad. >> >> >> W

Re: ntp.conf changes for NTS

On Sat, Feb 2, 2019, 12:46 PM Gary E. Miller via devel Yo Hal! > > On Sat, 02 Feb 2019 12:36:10 -0800 > Hal Murray via devel wrote: > > > But there is another pair of keys: C2S and S2C. They are used to > > authenticate and encrypt traffic between client and server. There is > > no explicit

Re: ntp.conf changes for NTS

On 2/2/19, Gary E. Miller via devel wrote: > Yo James! > > On Sat, 2 Feb 2019 13:44:12 -0800 > James Browning via devel wrote: > >> >> What you almost need is a cookie extension to trigger a rekeying >> >> periodically. >> > >> > Ye

Re: Python module mismatch.

On 1/30/19, Gary E. Miller via devel wrote: > Yo James! > > On Wed, 30 Jan 2019 14:57:15 -0800 > James Browning via devel wrote: > >> as of commit 88430fb7d1 "raise SystemExit(1) on version mismatch" this >> is what happens when you have multiple version

Re: Copyright

On Wed, Apr 10, 2019, 4:47 PM Hal Murray via devel wrote: > > I just updated the NTS code to include a Copyright, copied from another > module. > > If this isn't appropriate, please tell me what it should be. > > /* > * nts_cookie.c - Network Time Security (NTS) cookie processing > * Copyright

Re: shm refclock

On Wed, Apr 10, 2019, 3:01 PM Hal Murray via devel wrote: > > g...@rellim.com said: > > I would go further and say that order matters not at all. What matters > is to > > start both as root. Depending on whether I am working on gpsd of ntpd I > will > > just keep restarting the one I am

Re: Anybody know anything about flatpak?

On Thu, Jul 11, 2019, 1:19 PM Hal Murray via devel wrote: > > Description : flatpak is a system for building, distributing and running > : sandboxed desktop applications on Linux. See > : https://wiki.gnome.org/Projects/SandboxedApps for more > :

Re: Anybody know anything about Windows?

On Sat, Jun 29, 2019, 2:06 PM Hal Murray wrote: > > jamesb.f...@gmail.com said: > > It builds on the Windows Subsystem for Linux but does not currently run, > > something about missing adjtimex support. I can't say anything definite > about > > mingsys, cygwin or native. > > Thanks. > > Does

Re: Driver strategy - we need to decide among incompatible goals

On Wed, Aug 14, 2019 at 7:56 PM Mark Atwood, Project Manager via devel < devel@ntpsec.org> wrote: > Can OnCore be supported by gpsd? > Probably, it was discussed a bit in bug 608 on the tracker before the discussion moved here. And while I also like removing code, we've removed a lot, and I'm

Re: Driver strategy - we need to decide among incompatible goals

On Thu, Aug 15, 2019 at 9:14 AM Eric S. Raymond wrote: > James Browning via devel : > > And while I also like removing code, we've removed a lot, and I'm not > > > instantly adverse to giving the hobbyests a command option to handle > > > wraparound on their old hardwa

Re: ✘NTS and ALPN

On Mon, Aug 19, 2019 at 6:49 PM Gary E. Miller via devel wrote: > Yo Matthew! > > On Tue, 20 Aug 2019 01:42:50 + > Matthew Selsky wrote: > > > I'm not sure why Dan's fork of the repo doesn't have jobs enabled... > > Every MR I have looked at on gpsd and ntpsec. > I am not a member of

Re: Does broadcast *server* mode still exist?

On Sun, Aug 18, 2019 at 5:27 PM Hal Murray via devel wrote: > > e...@thyrsus.com said: > > That's covered. In the page on NTPsec changes: > > * Broadcast- and multicast modes, which are impossible to > > secure, have been removed. > > I was looking for more information. Why can't we secure

Re: ✘NTS and ALPN

On Tue, Aug 20, 2019 at 11:43 AM James Browning wrote: > On Tue, Aug 20, 2019 at 10:55 AM Gary E. Miller via devel < > devel@ntpsec.org> wrote: > >> Yo Achim! >> >> On Tue, 20 Aug 2019 19:52:07 +0200 >> Achim Gratz via devel wrote: >> >> > Gary E. Miller via devel writes: >> > > I just pushed

Re: git head broken on NetBSD 7.2 - weird

On Fri, Aug 23, 2019 at 9:11 PM Hal Murray via devel wrote: > > > Has anybody seen anything like this before? > > Assuming "no", I'll try bisecting tomorrow. > > My attempt at bisecting hit a brick wall. I backed up many months and it > still fails. > > I guessed that something strange had

Re: waf checking - fail on warnings?

On Mon, Aug 26, 2019, 8:02 PM Hal Murray via devel wrote: > > How do I tell waf to fail on warnings? > > I'm trying to use this to detect which API I'm getting. > > STRERROR_FRAG = """ > #include > int main(void) { > char buf [100]; > const char *foo = strerror_r(6, buf, sizeof(buf)); >

Re: %m, #614

On Sun, Aug 25, 2019 at 3:49 PM Hal Murray via devel wrote: > I think it should be fixed for the release, but I don't know how to do it. > > There used to be code in the msyslog processing that handled %m if it > wasn't > included in the local printf. I'm guessing it was removed to eliminate >

Re: Point release of NTPSec

On Fri, Aug 23, 2019 at 9:43 AM Sanjeev Gupta via devel wrote: > We need a point release. Significant things that have happened recently: > > >- The g and G suffixes >- Removal of neoclock4x >- Some doc changes >- The ALPN change > > The last is critical, it throws into doubt all

Re: Point release of NTPSec

On Fri, Aug 23, 2019, 9:43 AM Sanjeev Gupta via devel wrote: > We need a point release. Significant things that have happened recently: > > >- The g and G suffixes >- Removal of neoclock4x >- Some doc changes >- The ALPN change > > The last is critical, it throws into doubt all

Re: Point release of NTPSec

On Fri, Aug 23, 2019 at 12:41 PM Eric S. Raymond wrote: > James Browning via devel : > > AFAICT issues 599 and 566 still affect FreeBSD. > > Not urgent, IMO. In particular, I'm now fweeking more pressure to get > the NTS fix out. > Then they can wait. Sanjeev pointed ou

Re: Cleanup opportunity - include/isc_error.h

On Mon, Sep 2, 2019 at 4:11 AM Hal Murray via devel wrote: > > I missed some uses of strerror_r() in the ISC routines. > > I think all uses of UNEXPECTED_ERROR should switch to msyslog > Then we can delete include/isc_error.h and libntp/isc_error.c > It is done (badly) in merge request !1029

Re: Code freeze

On Wed, Aug 28, 2019 at 5:24 PM Eric S. Raymond via devel wrote: > Sanjeev Gupta : > > Eric, there is a incompatibility break, so could we do 1.2.0 , please? > > Mark's call. I beliecew he's considering shipping 1.2.0 shortly after. My impression is that he is waiting for the IETF and IANA to

Re: Certificates

On Wed, Sep 11, 2019 at 7:43 PM Hal Murray via devel wrote: > > Any openssl command line wizards? > Probably, not me though. > What do I type to find out when my certificate expires? We should make a > script that can be called from cron. > generally something like the following works

Fwd: Future directions

-- Forwarded message - From: James Browning Date: Mon, Sep 16, 2019 at 4:07 PM Subject: Re: Future directions To: Mark Atwood On Mon, Sep 16, 2019 at 3:24 PM Mark Atwood via devel wrote: > On Mon, Sep 16, 2019, at 14:09, Hal Murray via devel wrote: > > I think we should put

'ntpq -c ":config"' does not work (it probably never did)

While working on a script[1], I stumbled across this issue. the cmd.Cmd class does not call its precmd function from its onecmd function in either Python 2.7 or 3.6. I see several possible paths forward. 1. Ignore the issue and hope it goes away. 2. Report it upstream. 3. Change over to

Re: Fwd: Future directions

On Tue, Sep 17, 2019 at 1:23 PM Richard Laager wrote: > On 9/16/19 6:08 PM, James Browning via devel wrote: > > - additions to the DNS code to allow non-A/ pools. (cname/srv > probably) > > Is it not following CNAMEs already? I haven't checked. > No, it seems not

Replacing python ntpc submodule using ctypes/ffi

I have set up a branch replacing the current Python version-specific ntp.ntpc with a language-agnostic foreign function interface stub point and a version agnostic Python ntp.ntpc using cytpes. On build, it produces a single shared library 'libntp.so' in the ntpd sub^n-directory and a now neat

OT: tolerance was Re: Testing

On Mon, Jul 15, 2019, 5:15 PM Hal Murray via devel wrote: > > tenterl...@gmail.com said: > > I come from a scientific background, where we compare results somewhat as > > analog values. If the test result is off the expected by 1000%, that's > bad. > > If it's off 1%, better. If the error is

Re: ntploggps not installed by waf

On Sat, Sep 21, 2019, 12:55 PM Paul Theodoropoulos via devel < devel@ntpsec.org> wrote: > Just a quick note, as I'm vetting all my installations - after running > './waf configure --refclock=all', followed by './waf install', all of the > applications in main/ntpclients are installed - except

Re: Recommended Number of NTP Servers

On Mon, Nov 4, 2019, at 5:23 PM Richard Laager via devel wrote: > Each of these names (N.debian.pool.ntp.org) resolves to only 4 IPs.* The > four of them resolve to (mostly) non-overlapping IPs. In other words, if > I resolve only one name, I get 4 IPs, but if I resolve all four names, I > get

policy and pylib/packet cmac/160 bit hmac support

After looking at devel/HACKING, I do not see a policy on including external python modules. The came up because I have a merge request (!1044), which adds support for RIPEMD160, SHA-1, and AES128CMAC. The CMAC implementation currently requires the pycryptodome[1] module. If external modules are

Re: What's name for the gitlab thing that checks post-push and sends yes/no mail?

On Mon, Dec 9, 2019, 11:35 AM Hal Murray via devel wrote: > > I haven't seen that mail recently. > I do not know. Quick bit of googling found https://docs.gitlab.com/ee/user/project/integrations/emails_on_push.html which might be related. > ___ devel

Re: shallow thoughts on SHM

On Sat, Oct 26, 2019, at 8:24 PM Hal Murray wrote: > > > I do not have access to a copy of POSIX and the SuSv2 seems to have SHM > > support. > > You can probably get what you need from man pages. Try man shm_overview There are links in the documentation that I should have read before

shallow thoughts on SHM

The length of the SHM construct appears to date back to 1997 at that time according to Wikipedia only four processor architectures had 64-bit address spaces. I have no information on the prevalence of 64-bit processors. However, I think it is reasonable to assume that the integers of that time

Re: policy and pylib/packet cmac/160 bit hmac support

On Sun, Nov 24, 2019, at 12:12 AM Hal Murray via devel wrote: > > Mark Atwood said: > > On the other other other hand, can we have a Python binding on the C > crypto > > routines that ntpd uses? > I'd probably prefer a generic FFI module with a ctypes wrapper but yes probably. > The ntpd code

Re: ublox refclock

On Sun, Nov 24, 2019, 6:08 AM Udo van den Heuvel via devel wrote: > On 24-11-2019 15:01, Eric S. Raymond wrote: > > Udo van den Heuvel : > >> I have an M8N on order, would that be compatible enough to this driver? > >> If so: I could help test etc. > > > > That can't hurt - they speak the same

Re: Please review this document fragment

On Mon, Nov 25, 2019 at 3:15 PM Sanjeev Gupta via devel wrote: > From: docs/driver_shm.adoc > > Is the first paragraph still required, if it doesn't apply to current > nrpsec? > > And I cant parse the second paragraph, especially the first line. What > should I use? Not the ancient method,

Re: Duplicate Servers

On Wed, Sep 25, 2019, at 3:22 AM Richard Laager via devel wrote: > At work, I have two NTP servers. They are part of the pool, with both > IPv4 and IPv6. > > Internally, my systems use my NTP servers (marked with prefer) and the > pool to provide additional sources. As is typical, ntpd prefers

Re: droproot, seccomp

On Tue, Feb 25, 2020, at 1:37 PM Eric S. Raymond wrote: > > James Browning via devel : > > Is there anything preventing the possibility of an early looser > > seccomp setup and then tightening it later possibly with a knob > > to generate terse or verbose w

Re: Long range thoughts

On Fri, Feb 28, 2020 at 3:26 AM Hal Murray via devel wrote: > > Lots of handwaving here. :::snip::: > Can we break the current ntpd blob into smaller chunks? How about: > NTP server > NTP client > NTS-KE server > ntpq client I think you mean mode 6/7 server there. It might also be a

Re: mode 6 crypto revison

On Sat, Jan 11, 2020, at 1:03 AM Hal Murray wrote: > > The current symmetric auth scheme requires a not-an-extension which is > > (formerly 10) 20 or 24 bytes of an essentially unidentifiable binary blob. > > to > > check for it, you either need a length for the authenticated stream or walk > >

Re: --enable-doc waf config option removed

On Sun, Feb 2, 2020, at 3:49 PM Gary E. Miller via devel wrote: > > Yo Jason! > > On Sun, 02 Feb 2020 16:44:25 -0500 > Jason Azze via devel wrote: > > > It looks like the --enable-doc waf configuration option was removed > > in the commit "Add support for other asciidoc processors". Was there >

Re: --enable-doc waf config option removed

On Sun, Feb 2, 2020 at 7:27 PM Eric S. Raymond via devel wrote: > Richard Laager via devel : > > On 2/2/20 3:44 PM, Jason Azze via devel wrote: > > > It looks like the --enable-doc waf configuration option was removed in > > > the commit "Add support for other asciidoc processors". Was there any

Re: ntpclients is broken

On Mon, Feb 17, 2020 at 5:02 PM Hal Murray via devel wrote: > See issue #642 > https://gitlab.com/NTPsec/ntpsec/issues/642 As handwaved the patch. From b0b7f7b6016076c7204468cd15888eb1085782b0 Mon Sep 17 00:00:00 2001 From: James Browning Date: Tue, 18 Feb 2020 10:32:53 -0800 Subject: [PATCH]

Re: ntpsec | Add dextral mode and srchost variable use options and better column autowidth. (!1033)

On Sat, Feb 22, 2020, at 6:40 PM Hal Murray wrote: > > Looks like the second test is backwards. It's printing the message on a > system where pipefail works. > > if (set -o pipefail) 2>/dev/null > then > echo "### Old sh - no pipefail" > echo "### We can't test for errors during build" >

Re: Python, testing

On Mon, Jan 13, 2020 at 10:40 PM Hal Murray wrote: :::snip::: > > Any particular distro anyone wants it to run on? j/k > > The idea is NOT to run it as part of a normal checkin, but have something in > addition that could be triggered manually or by the equivalent of a cron job. > I'm thinking of

mode 6 crypto revison

The current symmetric auth scheme requires a not-an-extension which is (formerly 10) 20 or 24 bytes of an essentially unidentifiable binary blob. to check for it, you either need a length for the authenticated stream or walk backward in the packet to see if the text matches a symmetric

Re: Python, testing

On Mon, Jan 13, 2020 at 5:58 PM Eric S. Raymond via devel wrote: > > Hal Murray via devel : > > A year or 2 ago, I put together a script to test as many build time options > > as > > I thought reasonable. It's in ./tests/option-tester.sh > > > > Does anybody other than me use it? > > I've run

Re: Anybody know anything about firewalls?

Not much. Every distro seems to have its' tool. Most in Linux space seem to use iptables although nftables is IMO better. On Fri, Dec 27, 2019, at 12:31 AM Hal Murray via devel wrote: > I recently setup a new system (Fedora) to replace a box that had died and > thought it was working OK. Then I

  1   2   3   >