Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
News

NTP Pool Project Reaches 500 Servers 165

A user writes "Finally after 3 years the NTP Pool project has reached 500 servers! The NTP pool project tries to be an accurate and free time-source to every internet-connected device. Everybody who's system has running an NTP daemon which can give an accurate time-indication can join the project. Not only is it handy to have accurate time on your workstation to be able to see when you need to leave the house to catch the train in time, it is also usefull to be able to accurately correlate events between your system and others in case one gets hacked."
This discussion has been archived. No new comments can be posted.

NTP Pool Project Reaches 500 Servers

Comments Filter:
  • by SpaceCadetTrav ( 641261 ) on Saturday January 14, 2006 @11:24AM (#14471266) Homepage
    Congratulations. If you are reading a Slashdot thread about 500 time servers, you really are a nerd.
  • by Ithika ( 703697 ) on Saturday January 14, 2006 @11:29AM (#14471286) Homepage

    And what makes sure the trains are on time?

    • You don't live in Japan, right? I have been going by train every weekday for four months, it's been late once. 2 minutes. And then I could smell the breaks at every station.
  • But... (Score:2, Informative)

    by joey_knisch ( 804995 )
    I live in an area with buses and a DOT that doesn't give a shit about being 12 seconds early. Oh well. I will continue to use my watch set 5 minutes fast.

    However, congrats. I will continue to use your NTP servers for computer related crap well into the future.
    • I will continue to use my watch set 5 minutes fast.

      I used to do that. The problem is that I'm not as dumb as I thought. I'd look at my watch and add five minutes. I knew I had until 3:05 for a 3:00 meeting, because my watch was five minutes fast fast.

      I decided that a fast clock was doing me more harm than good. (And besides, I have mild OCD.) Now my watch is accurate, and periodically I adjust it so it's within a couple seconds of my computer. (Synced up via the pool.ntp.org, of course.) I know I have until
  • Confused (Score:4, Funny)

    by Alarash ( 746254 ) on Saturday January 14, 2006 @11:36AM (#14471312)
    I'm confused. They are supposed to be a reliable time source, and their home page doesn't even show the current time!
    • Re:Confused (Score:2, Interesting)

      by Da3vid ( 926771 )
      I find this website a bit perplexing. Sure, I can appreciate the value of having an accurately sync'd computer, but I set my CPU a year to my atomic clock, and it still is within 15 seconds. That goes for my laptop, too. Maybe I'm a fluke, maybe this program could win me back that 15 seconds, but how important are they? I don't think its going to help me with my day, business, or any other daily tasks. I can only see this potentially useful in tracking movement of viruses across multiple networks, but I dou
      • Re:Confused (Score:5, Informative)

        by bsd4me ( 759597 ) on Saturday January 14, 2006 @12:02PM (#14471408)

        Accurate time is important when you are sharing resources with other computers. One example is running a build on an NFS share. If the file timestamps are wrong, then make may do unnecessary compiles, or skip files. Other protocols, like rsync, use timestamps to try to figure out whether updates are needed.

        • If the file timestamps are wrong, then make may do unnecessary compiles

          Tell me about it. In 1999 the operational site which we get our time sync from used their test network (the one connected to our development site) for Y2K testing. We had half a gig of incorrectly date stamped sources. Not a pretty sight.

    • Re:Confused (Score:3, Interesting)

      Well now, if you stop and think of it, that would be the worst case scenario one could imagine, cause some dip would leave his web browser sitting on the page watching the clock update itself every second. Do that 10 times and you've used a quite measurable portion of the servers bandwidth.

      You would be amazed at the number of folks who figure its allright to do that, I mean its there, why not use it attitude? So no, no admin in his right mind would set that up. Or if he did, he should be dismissed as not
  • by TallMatthew ( 919136 ) on Saturday January 14, 2006 @11:39AM (#14471323)
    What keeps someone from joining the pool and giving out the wrong time?

    There are some nifty bits of nastiness that can be delivered when a machine is privy to having its clock changed from afar.

    • A proper NTP implemetation for a computer gathers information from several clock sources. The NTP protocol also has provisions to determine whether a clock is accurate or not based on the responses from other clocks. IIRC, this is called a "false ticker" in the spec.

    • by isj ( 453011 ) on Saturday January 14, 2006 @11:56AM (#14471380) Homepage
      What keeps someone from joining the pool and giving out the wrong time?

      Nothing.

      However, NTP clients uses multiple servers and uses some fairly advanced correlation algorithms to detect outlyers and bad servers. The client configuration is your responsibility. So configure it to use a set of servers that you believe you can trust.

      There are some nifty bits of nastiness that can be delivered when a machine is privy to having its clock changed from afar.

      Then use the secure protocols.
      • However, NTP clients uses multiple servers and uses some fairly advanced correlation algorithms to detect outlyers and bad servers. The client configuration is your responsibility. So configure it to use a set of servers that you believe you can trust.

        And this exactly why the default OpenBSD settings connect to 8 different ntp pool servers:

        # $OpenBSD: ntpd.conf,v 1.7 2004/07/20 17:38:35 henning Exp $
        # sample ntpd configuration file, see ntpd.conf(5)

        # Addresses to listen on (ntpd does not listen by defa

    • What keeps someone from joining the pool and giving out the wrong time?

      All machines in the NTP pool are monitored for quality and if they are bad enough, they won't be put into the pool.

      Also, it is recommended that you have at least 3, maybe up to 5, NTP servers so that you can detect a bad NTP server. (If you have one time server, you won't know that anything is wrong. If you have two, you will know something is wrong, but you won't know which NTP server is bad. If you have three or more, you can p

    • Two main design decisions preclude this from causing disaster.


      1.) A proper NTP implementation will only normally change the skew of your clock, so it speeds up or slows down, but does not jump around.


      2.) A proper NTP implementation will assume that a clock with a large variance compared to other sources is unreliable, and so it will try not to use it. Of course this assumes you have more than one time source available (and configured).

      • Of course this assumes you have more than one time source available (and configured).

        For what it's worth, it's not immediately obvious how to do this. If you were to add multiple servers entries in ntpd.conf, all with pool.ntp.org, then DNS would just cache the first call and you'd point to the same machine all the time. The way to do this is as follows:

        server 0.pool.ntp.org
        server 1.pool.ntp.org
        server 2.pool.ntp.org

        Now you'll get a different server and life will be good. You can also use country

  • Cool (Score:2, Funny)

    by leathered ( 780018 )
    I hope these servers carry alt.binaries.pictures.erotica.breasts.large

    Oh, sorry I read that as NNTP
  • PCs keep lousy time. (Score:2, Interesting)

    by Anonymous Coward
    What is it with PCs? I've owned several over the last 15 years, and without exception
    the clocks simply could not keep accurate time. I've bought 5 buck watches at wal-mart that
    kept better time than my PCs. In some cases, they lose (or gain) several (somtimes tens of)
    seconds per day.

    Is it those Dallas chips that can't keep time? or is it the clock frequency division that
    most PCs use?
    • by LuckyStarr ( 12445 ) on Saturday January 14, 2006 @02:04PM (#14471935)
      Try warming your 5 buck watch to 50C (don't know how much that is in F) hold it there for a few hours and then cool it down again to room temperature. Do this every day for a few months.

      You will see your 5 buck watch will track the time as good as the Dallas chips.

      Temperature affects the speed of clocks.
      • I remember in high school a guy from the power company came to talk to the class.

        He stated that the power company tries very hard to regulate the 60 Hz power, such that, as exactly as possible, the required 5,184,000 cycles are sent out every day. As a result, any electric clock (especially one that uses a motor) would have very accurate time.

        So why is it, that an electronic device, which you normally plug right into the wall, can't find a source of accurate time? There's a very reliable source of tim

        • It can. I built a Heathkit digital clock [decodesystems.com], back when you could buy electronic kits and electronic digital clocks were rare. It used the AC line as the frequency reference for the digital clock circuits. I think it used a low-voltage secondary winding on the power transformer and a schmitt trigger to generate a 60 Hz square wave. If you checked the clock against WWV, it was never off by more than a second or two. If the power company had a large load during the day, they would run the system slightly faster t
        • by Almost-Retired ( 637760 ) on Saturday January 14, 2006 @09:17PM (#14473653) Homepage
          Thats only as good as the operators on duty when looked at on a shorter term than a daily basis. So I have to tell a story here that illustrates the problem, in this case one that having an NTP setup (which didn't exist except in older protocols in 1978) wouldn't have fixed unless it was applied directly to the generator controls on the power grid.

          Anyway, about 2pm my board operator at the tv station I was the CE at came running into my office and said the tape machine was going crazy, he though it was running fast and the on air picture wasn't viewable even after being time base corrected.
          He'd put that tape in 3 of them without making it work.

          As I walked through the control room I was just barely aware that the air conditioning and all the fans in the transmitter seemed to be working real well. I looked at the tape machine, whose main drive motor was a synchronous type whose speed is locked to the powerline frequency, and it did indeed appear to be running fast by a rather large margin. Looking at a motorized wall clock, I noted it was about 18 minutes faster than my trusty timex. So I timed the wall clock second hand against the timex and came up with a powerline frequency of around 71 hz. Voltage was also up a bit, to about 130 at the wall socket, so my transmitter was running very well indeed.

          Calling the local electrickery people, I got a number for the WAPA control center up in Utah someplace and called them up. Argueing with the sexytary for a couple of minutes I finally got through to an operator on duty, introduced myself as the CE at a tv station down in New Mexico and then asked him if his clocks were fast. He first didn't get it, then checked his watch against the wall clock and muttered OMG. He said I'll get that fixed asap and I hung up since there wasn't a watts line account there & Ma Bell was very proud of her daytime business rates...

          About 2 minutes later you could hear the fans and stuff gradually slowing down, and it finally settled at about 59hz until time had caught up with the wall clocks again.

          I think some folks either got some overtime or got to go home a few minutes early that day, so there were what one could have called collateral damages, if even only to the economy west of the mississippi. The whole west side of the country is all synched up, presumably so is whats east of the river. Anyway, it was such an odd occurance that I still have to grin when I recall it nearly 30 years later. One of those things that couldn't ever happen, but did. :-)

          --
          Cheers, gene
  • other than that I don't think I'd bother. a couple of minutes here or there hardly matters.

     
    • other than that I don't think I'd bother. a couple of minutes here or there hardly matters.

      Well, it does matter for Kerberos / MS Active Directory authentication.

      In any shared software development environment, time needs to be accurate or your builds will fail in strange ways.

      And I'd like to be able to correllate our syslog output, too...
    • other than that I don't think I'd bother. a couple of minutes here or there hardly matters.

      Yeah, I didn't think it mattered too much on non-critical systems either. Then I ran MythTV and missed the last couple minutes on my Futurama episodes. Never again.
    • a couple of minutes here or there hardly matters.

      If my computer (routinely synced via NTP) changes to, say, 12:00:00, and it takes ten seconds for my desk clock to changes from 11:59 to 12:00, I don't care at all.

      But it's not uncommon to rack up 15-minute differences between clocks. That, I'd argue, is a very big problem.
  • by jafo ( 11982 ) * on Saturday January 14, 2006 @11:48AM (#14471356) Homepage
    We've run public NTP servers for the better part of a decade now, mostly for the convenience of geographically local folks like the various LUGs. When I found out about the pool, I had our servers added there. Everything was fine for a few months, then over a month we started getting phone calls from firewall admins about how our time servers were attacking their networks. Every time a machine in their network would ask our servers for the time, our servers responded with 10 packets spaced at 1 second intervals, so these improperly configured firewalls were logging a lot of packets from us.

    I finally shut it down after one particular call, the third that week, where the caller was rude and abusive when I suggested that he should be doing more investigation about the traffic before calling someone else to complain about it. Being a public service, it's just not something that scales well to have to field these calls. I hated to do it, but it was just too much of a distraction.

    I'm not saying that you shouldn't add your servers to the pool... I just thought it was an amusing story.

    Sean
    • Every time a machine in their network would ask our servers for the time, our servers responded with 10 packets spaced at 1 second intervals

      Uh, your servers are supposed to only reply with *ONE* packet.

      That said, I have also had a few people complain to me about my machine attacking them because they have configured their machine to use the NTP pool. Over the last 2 years, it has totalled around 3, so you must have had really bad luck.

      Overall, I have been very happy with my involvement with the NTP

  • New Way uses HW (Score:5, Informative)

    by putko ( 753330 ) on Saturday January 14, 2006 @11:50AM (#14471362) Homepage Journal
    Supposedly, if you need an accurate timebase, you are supposed to just use GPS (which gives the exact time) instead of relying on a complicated clock protocol.

    It is great that NTP is so widely distributed. It is typical that at the moment the old technology is finally working, there is an altogether better solution.
    • Re:New Way uses HW (Score:3, Insightful)

      by Anonymous Coward
      What do you mean by "finally working"? It's been working for ages, I've been using public NTP servers much before I found about pool.ntp.org.

      Besides, what a GPS receiver gives you is a stratum 1 host. What are you going to do, get a receiver per machine? Of course not, you connect it to one box with a NTP server, and make the rest synchronize with it.

      Perhaps the usefulness of public NTP servers is somewhat less now, but they're still good to have. I'm sure at many companies buying a GPS receiver could be co
      • "Finally working" was imprecise. Please try: "finally working enough to satisfy all users".

        If time really matters, you'll have one per machine. I wouldn't say "of course not," as you did. They only cost about $75 (US) now.
        • Re:New Way uses HW (Score:3, Insightful)

          by pe1chl ( 90186 )
          Even ONE receiver (GPS) can be a problem in an office building with metalized glass windows and no access to the roof.
          Also, not everyone wants to setup an antenna on the roof and wire it into the computer room.

          For typical computer network purposes (where relative time accuracy is more important than absolute accuracy), NTP is a very good solution. It will get all systems on your lan within milliseconds or better, and the whole network within tens of milliseconds. It will be better than a message-based (no
    • Re:New Way uses HW (Score:5, Insightful)

      by cswiger2005 ( 905744 ) <cswiger@mac.com> on Saturday January 14, 2006 @12:16PM (#14471473) Homepage
      GPS does indeed make a wonderful external time reference, and many stratum-1 NTP timeservers are using it.

      Of course, most machines locked in a rack in a hosting facility don't have even the slightest chance of seeing enough sky to lock onto GPS, so it's safe to say that NTP's death or obsolesence is premature to announce just yet. :-)

      --
      -Chuck

      PS: O Slashdot wizards, why does Slashdot's posting filter claim ntpq output is lame?
      It's a conspiracy, I tell you, to force me to write more text!
      Bah, that doesn't work, the lameness filter doesn't like a line filled with "=" signs at all, even if I use an <ecode> tag.

    • Re:New Way uses HW (Score:4, Insightful)

      by tpgp ( 48001 ) on Saturday January 14, 2006 @12:25PM (#14471518) Homepage
      Supposedly, if you need an accurate timebase, you are supposed to just use GPS (which gives the exact time) instead of relying on a complicated clock protocol.

      Unless your data center is inside a shielded room / underground / in the center of your building.

      It is great that NTP is so widely distributed. It is typical that at the moment the old technology is finally working, there is an altogether better solution.

      Its not a better solution - its a better solution in some cases.

      NTP has the massive advantage of working anywhere you have a network connection and not requiring expensive hardware (GPS hardware you can attach to a PC & match the reliability of NTP is not your yum-cha $75 GPS unit)
      • Re:New Way uses HW (Score:3, Informative)

        by Myself ( 57572 )
        Of course, the CDMA cellular network derives its timing directly from a GPS-stabilized clock, and local clock standards that reference a CDMA receiver are available. These work in almost any building short of a full faraday cage. (And some of them can hook directly to a network and serve NTP!)

        Also, the 1pps output of a $75 GPS unit is considerably more accurate than NTP if your network is subject to *any* sort of variable delay, which of course packet-based networks are.

        Not that NTP isn't useful, just don't
        • "Also, the 1pps output of a $75 GPS unit"

          None of the $75 GPS units I've looked at have had PPS. I thought PPS-enabled receivers were a lot more expensive than your run-of-the-mill GPS receiver?
          • The GPS receiver used internal to these units often has a PPS signal. It is the USB interface that provides only a serial message interface to the system.
            When you find an RS232-interfaced receiver, chances are that it provides PPS on the DCD pin.

            I am using OEM module GPS receivers here (bare printed circuit boards that are/were used by system integrators to build systems) and the three different types I have all provide a PPS signal.
            These are sometimes available as surplus components.
        • GSM does not seem to have these time transmissions. If it does, the typical GSM handset does not take advantage of it.

          On a LAN, you can expect submillisecond accuracy out of NTP. At least when your OS clock can be phaselocked to an external reference.
          Of course it will be difficult when you are syncing over an asymetrically loaded Internet link.
          • That was my point exactly: NTP is most useful within a site, on a LAN. But a radio system, be it Navstar or Galileo GPS signals, or WWVB, or CDMA, is a better way to bring the timebase into the site itself. A WAN link isn't deterministic enough. (I'll admit to knowing nothing about QoS. Could it help?)

            GSM and other systems that use TDMA as a radio access method can tolerate more timing trouble than CDMA. As far as I know, a TDMA site doesn't need a good master clock, since timing slips between sites are uni
            • GSM sites probably have quite a good idea about the current time, if only to do proper handovers. However, the spec apparently does not include a transmission of this time on the radio interface. The mobile network here is exclusively GSM, and all phones come with a user interface to set the date and time (and a lack of support of daylight saving time). Once set, the phone runs off its own internal clock and quickly wanders off.
              (I think I once read somewhere that a single manufacturer had implemented an
    • There is much more to a time and frequency distribution system than a GPS receiver producing 1 PPS, unless your requirements are very minimal. You still need a very stable local oscillator, time code generators, etc. You also have to consider redundancy and single points of failure.

      NTP is a cheap and effective way of distributing time to systems that do not need high-quality time.

  • Since nobody has mentioned anything about clients yet, here are my suggestions:
    • Linux: Chrony [sunsite.dk]. Works very well for dial-up when you not are connected all the time.
    • Windows: NetTime [sourceforge.net]. Although no longer an active project, this program still works perfectly and is in my opinion better than the "official" windows service.
  • by Nelson Minar ( 7732 ) on Saturday January 14, 2006 @12:29PM (#14471537) Homepage
    Debian's default NTP configuration is to get time from pool.ntp.org. This is a significant contribution to the Linux world, similar to how Microsoft and Apple provide NTP service to their customers. Yay for us!

    There is modest protection against bad servers in the pool. The time from pool servers is monitored and if a server seems insane it's taken out of the rotation.

    My pool server gets about 14 requests a second from about 100,000 different IP addresses a day. Sadly, a lot of those requests are junk; 100 IP addresses account for 1/3 of all the requests I get. Fortunately NTP is a very lightweight protocol, so you can mostly ignore the spammy clients.
    • similar to how Microsoft and Apple provide NTP service to their customers

      I didn't realize Microsoft did this, but I know when I started buying Apple, I sure noticed it, and thought it was a very nice touch. Small things like this can give a lot of polish to a product.
  • by jms ( 11418 ) on Saturday January 14, 2006 @12:50PM (#14471630)
    Back when I was a university system programmer, I had an officemate named Tim. One day, Tim was poking around and discovered that hundreds of computers all across campus were synchronizing their clocks to his desktop workstation. He quickly figured out why.

    The naming standard for desktop machines was to take the employee's first name and concatinate it with the first letter of their last name. So my desktop machine was named "johns.cc.uic.edu". Tim's machine was named "time.cc.uic.edu" because his last name began with "E". (cc meaning a "computer center" machine.)

    Apparently many many university departments and users poked around and discovered what was obviously an official time server and configured their computers to synchronize to Tim's desktop machine. Tim, of course, had set his computer's clock by the office clock and never given it a second thought.

  • "Everybody who's system" Ouch. Double whammy!
  • For years, I've kept my own NTP server. It has references to like a dozen other NTP servers, and then all my other servers reference my own NTP server. I'm not as interested in having time 100% spot perfect, as in having all the servers together, so that cross-examining log files is possible. (BTW, setting up an NTP server takes all of about 10 minutes, with basically zero administration, other than making sure that NTPd is running)

    I don't do any address restriction on the NTP server. Anybody doing a UDP s
    • by htmlboy ( 31265 )
      what constitutes a "public" NTP server - the DNS name, or its inclusion on a particular published list?

      in this context, public probably means that the server's listed by pool.ntp.org [ntp.org]. isc also maintains a list of stratum 1 and 2 servers [isc.org], some of which are publicly-accessible.
    • It is considered abusive to scan for an NTP server and then use it as a reference. A "public" NTP server is one that is explicitly listed as public and available for external users.

      Listing it on pool.ntp.org of course is an explicit permission to use it.
  • I noticed that Fedora (at least early releases) sets the default ntp server to a .redhat.com server, and I believe Ubuntu sets the default to an ubuntu project server.

    Does anyone know if these distros use traffic to their servers to track installed base? Or are they just being extra friendly?
    • They're probably just being friendly. I always change them anyway because it's a good idea to minimize the jitter between you and the ntp server - find some that are a bit closer.
    • I noticed that Fedora (at least early releases) sets the default ntp server to a .redhat.com server

      Here in FC3 it is the pool.ntp.org servers.

      I believe Ubuntu sets the default to an ubuntu project server.

      Yes

      Does anyone know if these distros use traffic to their servers to track installed base?

      I assumed this was the case with Ubuntu. But I don't really know.

  • I added my server to the pool for a while, but quit after a couple of months. The problem I had was the number of wildly misconfigured clients that were killing my system by polling every second. ISC's ntpd has options that sound like they would limit these abuses, but they never had any effect at all; tcpdump would show that I was cheerfully answering request after request after request from the same group of idiot machines.

    Some people went as far as to write scripts that would add bad clients to the s

  • "who's"
    "usefull"

    What's up with you guys? I'm not even a native speaker. You were just a "should of" and an "it's" short of a crap submission.
  • According to the project web page [ntp.org] you can expect 10-20Kbit/sec of traffic, which works out to 6 gigabytes per month of traffic. It doesn't say which direction but I suspect NTP would be pretty symetrical so this would triple the inbound volume to my co-lo.

    Thats a lot of volume for me, so I don't see how I could contribute a server.

    Its a shame that they can't include a dynamic DNS hack into the system. My home system has heaps of volume at a fixed price, but it is on a dynamic IP.

    • Its a shame that they can't include a dynamic DNS hack into the system.

      Yeah, then we could have thousands of AOL users contributing. With the added reliability we'd get from all those extra servers, NTP could be used for some really critical functions. You know, nuclear power stations, missile defence systems, shit like that. I know I'd feel safer.
    • so this would triple the inbound volume to my co-lo.

      For people paying per GB of transfer, it could be a big deal. These days, though, 1,000GB/month is the normal allocation for dedicated servers, so an extra 6GB of traffic would be nothing. (Assuming they weren't using 994 a month...) I'd be concerned about issues like server load instead.
    • Its a shame that they can't include a dynamic DNS hack into the system.

      This is not a matter of what "they" can hack. Most NTP clients do not do a DNS request before every NTP packet they send out, but only resolve the address when initialized and then make queries to a fixed address.
      That would mean that systems that are not rebooted often would lose contact when your system changes address.

The best things in life go on sale sooner or later.

Working...