Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-05-05 Thread Mark Felder
On Wed, May 4, 2016, at 04:25, Ian Smith wrote: > On Sat, 30 Apr 2016 14:27:17 +, Poul-Henning Kamp wrote: > > [..] > > > The best explanation of all this is John R. Vig's Quartz Tutorial > > which is freely available on the web - highly recommended: > > > >

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-05-04 Thread Ian Smith
On Sat, 30 Apr 2016 14:27:17 +, Poul-Henning Kamp wrote: [..] > The best explanation of all this is John R. Vig's Quartz Tutorial > which is freely available on the web - highly recommended: > > http://www.am1.us/Local_Papers/U11625%20VIG-TUTORIAL.pdf This is one of the best

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-05-02 Thread Xin Li
On 4/29/16 04:13, ga...@zahemszky.hu wrote: >> 2) To update your vulnerable system via a binary patch: >> >> Systems running a RELEASE version of FreeBSD on the i386 or amd64 >> platforms can be updated via the freebsd-update(8) utility: >> >> # freebsd-update fetch >> # freebsd-update install >

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-30 Thread Roger Marquis
Large builds over NFS filesystems, particularly secure NFS (i.e., Kerberos) are one of the best tests of time synchronization. Clients with bad clocks can further exercise this not uncommon infrastructure. The reason you don't typically see build errors even here, IME, is because the timehosts tend

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-30 Thread Poul-Henning Kamp
In message , Christian Weisgerber writes: >On 2016-04-29, Roger Marquis wrote: > >>> While I cannot speak for anyone other than myself, the two simply aren't >>> equivalent. As a conscious design choice, OpenNTPD trades off

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-30 Thread Christian Weisgerber
On 2016-04-29, Roger Marquis wrote: >> While I cannot speak for anyone other than myself, the two simply aren't >> equivalent. As a conscious design choice, OpenNTPD trades off accuracy >> for code simplicity. > > IIRC openntpd is accurate down to ~100ms. I have no idea

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-30 Thread Christian Weisgerber
On 2016-04-29, "Matthew X. Economou" wrote: >> What are the reasons FreeBSD has not deprecated ntpd in favor of >> openntpd? > > While I cannot speak for anyone other than myself, the two simply aren't > equivalent. OpenNTPD is intended to cover the most common usage

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-30 Thread Julian H. Stacey
Roger Marquis wrote: > >> What are the reasons FreeBSD has not deprecated ntpd in favor of > >> openntpd? > > > > While I cannot speak for anyone other than myself, the two simply aren't > > equivalent. As a conscious design choice, OpenNTPD trades off accuracy > > for code simplicity. > > IIRC

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-30 Thread Eugene Grosbein
30.04.2016 7:44, Roger Marquis writes: Are you seriously proposing that most FreeBSD installations need to serve as timeservers? Absolutely. Every LAN router should be capable in supplying NTP service for its LAN clients, it just needs a way to differentiate its LAN/WAN interfaces (security

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-29 Thread Roger Marquis
Who needs millisecond accuracy anyway? Cell phones, cell phone towers, computers handling financial transactions, etc. I manage security for several dozen FreeBSD computers handling financial transactions and they all run openntpd in client-only mode. It was the only way we could avoid an

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-29 Thread jungle Boogie
Sent from my iPhone 7.1 On Apr 29, 2016 5:09 PM, "Charles Swiger" wrote: > > On Apr 29, 2016, at 4:43 PM, Roger Marquis wrote: > > > Who needs millisecond accuracy anyway? > > Cell phones, cell phone towers, computers handling financial transactions, etc. >

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-29 Thread Charles Swiger
On Apr 29, 2016, at 4:43 PM, Roger Marquis wrote: >>> What are the reasons FreeBSD has not deprecated ntpd in favor of >>> openntpd? >> >> While I cannot speak for anyone other than myself, the two simply aren't >> equivalent. As a conscious design choice, OpenNTPD trades off

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-29 Thread Glen Barber
On Fri, Apr 29, 2016 at 01:13:21PM +0200, ga...@zahemszky.hu wrote: > >2) To update your vulnerable system via a binary patch: > > > >Systems running a RELEASE version of FreeBSD on the i386 or amd64 > >platforms can be updated via the freebsd-update(8) utility: > > > ># freebsd-update fetch > >#

RE: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-29 Thread Matthew X. Economou
Roger Marquis writes: > > What are the reasons FreeBSD has not deprecated ntpd in favor of > openntpd? While I cannot speak for anyone other than myself, the two simply aren't equivalent. As a conscious design choice, OpenNTPD trades off accuracy for code simplicity. It lacks support for NTP

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-29 Thread Roger Marquis
Despite the risk of beating a dead horse (apologies to non-native English speakers for the acronym), as I cannot recall discussion of migrating base, and since replacing ntpd with openntpd has been standard practice in security-oriented environments for a few years now, perhaps someone on the sec

Re: FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-29 Thread gabor
2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Both on an i386 and on an amd64 machine, I got:

FreeBSD Security Advisory FreeBSD-SA-16:16.ntp

2016-04-29 Thread FreeBSD Security Advisories
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 FreeBSD-SA-16:16.ntp Security Advisory The FreeBSD Project Topic: