NTP's Fate Hinges On 'Father Time' - InformationWeek
IoT
IoT
IT Life
News
3/11/2015
06:06 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

NTP's Fate Hinges On 'Father Time'

The Network Time Protocol provides a foundation to modern computing. So why does NTP's support hinge so much on the shaky finances of one 59-year-old developer?

(Image: Geralt via Pixabay)

(Image: Geralt via Pixabay)

In April, one of the open source code movement's first and biggest success stories, the Network Time Protocol, will reach a decision point. At 30 years old, will NTP continue as the preeminent time synchronization system for Macs, Windows, and Linux computers and most servers on networks?

Or will this protocol go into a decline marked by drastically slowed development, fewer bug fixes, and greater security risks for the computers that use it? The question hinges to a surprising degree on the personal finances of a 59-year-old technologist in Talent, Ore., named Harlan Stenn.

The Network Time Protocol is important enough that the likes of Google and Apple speak up if they find a bug in the protocol that needs fixing, or a modification they think is needed. But NTP has worked so well for so long that few people think there's any problem.

Not all is well within the NTP open source project. The number of volunteer contributors -- those who submit code for periodic updates, examine bug reports, and write fixes -- has shrunk over its long lifespan, even as its importance has increased. Its ongoing development and maintenance now rest mostly on the shoulders of Stenn, and that's why NTP faces a turning point. Stenn, who also works sporadically on his own consulting business, has given himself a deadline: Garner more financial support by April, "or look for regular work.”

(Image: Margaret Clark)

(Image: Margaret Clark)

Stenn's shaky personal finances illustrate one very real risk to the future of the Internet. A number of widely used foundations of the Internet -- such as OpenSSL, the Domain Name System, and NTP -- are based on open source code. Open source means no one owns the software, anyone can use it, and it's maintained through a collaborative process of people submitting changes to a central governing group. Some open source projects, such as the Android mobile OS, have a rich uncle like Google that pays people who maintain the code as a side job. Or, the project is trendy enough that working on it helps to spur consulting work. But a project like NTP, which is buried deep in the infrastructure, doesn't have a clear-cut financial backer. That leaves support up to people like Stenn.

For the last three-and-a-half years, Stenn said he's worked 100-plus hours a week answering emails, accepting patches, rewriting patches to work across multiple operating systems, piecing together new releases, and administering the NTP mailing list. If NTP should get hacked or for some reason stop functioning, hundreds of thousands of systems would feel the consequences. "If that happened, all the critics would say, 'See, you can't trust open source code,'" said Stenn.

Sam Ramji, CEO of the Cloud Foundry Foundation, cited Stenn’s work in an address at the Open Compute Summit 2015 in San Jose Mar. 11. He dubbed him "Father Time," and said he was "scraping by" as he continued to work on NTP.

Stenn is hardly the only open source coder living in such straits. Ramji also mentioned Werner Koch in Germany, the author and maintainer of Gnu Privacy Guard, which is used in three popular email encryption programs. In a Feb. 5 article, Koch told ProPublica that he was "going broke" on $25,000 a year since 2001. Chet Ramey, part of the networking infrastructure team at Case Western Reserve, has been the primary maintainer of the Bash shell for Unix since 1990 with minimal support.

Ramji noted that OpenSSL developers had been receiving less than $2,000 a year in donations when the Heartbleed exploit of OpenSSL broke out last April. "Secure code is hard to write and maintain," Ramji noted. Users have to decide whether they want to leave these projects to survive as best they can.

Next Page: Watching the timekeeper

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 4   >   >>
akostadinov
50%
50%
akostadinov,
User Rank: Apprentice
8/18/2015 | 10:50:33 AM
alternatives
chronyd anybody? (chrony.tuxfamily.org)

works better at least for some use cases...

Competition is good, otherwise things rot anyway.
kstaron
50%
50%
kstaron,
User Rank: Ninja
3/25/2015 | 3:52:11 PM
So the people using it aren't wiling to pay?
Can I guess that by the lack of this guy's wallet, that the companies who claim to care, like Google, have not stepped up and given the the guy funding to make sure the clock keeps ticking? If he has not yet, I would suggest he approach each of the companies that uses NTP and tell them it's in danger of being unsupported without financial backing. Wake up the guys who use it and let them know the free ride is about over.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
3/23/2015 | 11:51:33 PM
Has this issue kept you up late at night?
This may not be something you've worried about lately, but the 32-bit counter in the Network Time Protocol's time stamp is able to designate any second that's occurred since Jan.1, 1900. The only thing bad about covering such an expanse of time is that the counter runs out of numbers sometime in 2036. Like I said, maybe you haven't worried about it -- yet. Harlan Stenn is up late at night thinking about the solution... Better keep him on the case.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
3/18/2015 | 1:46:40 PM
Just a minute, Mr. Gigabob
Your answer is straightforward, Mr. Gigabob, except for the part about how we've had for years many companies with a vested interest in sychronizing time and they haven't done what you say should happen.
Mr. Gigabob
50%
50%
Mr. Gigabob,
User Rank: Strategist
3/18/2015 | 12:45:27 PM
Re: Is there really a problem?
The process is straightforward - an industry group with a vested interest steps in and enlists support from an eco-system by starting a "Time Committee" with contributions from those organizations in the form of team members and fiscal backing levels.  DLNA, USB, WiFi all started this way as a prelude to creating and adopting a standard.  The more groups the get behind supporting NTP - the more that will build in NTP into their systems.  

Ideally, increased investment in time synchronization for security, log management and other roles will add many paths to orbiting atomic clocks in GPS satellites to increase accuracy of NTP so it eclipses PTP - Precision Time Protocol (IEEE1588).

NTP and PTP approach the problem from different angles.  PTP uses hardware to provide a precise local clock with accuracy to 100ns and very little software sophistication.  NTP uses software and statistics to get time from local motherboards and other sources then distribute across a network.  Accuracy varies widely from micro-seconds to 10's of milliseconds, as distribution delays across shared network links are impacted by busy workloads.  Until there is a ubiquity of precision time sources available with known latency, we need both.

As an example of industry standard support - suppose members of the "TIME ASSOCIATION" included all the major home network router vendors.  Their support for NTP might include some local intelligence and a dedicated port channel for distributing time information that would have a prioritezed Quality of Service level enabling it to consistently provide microsecond accuracy in the home.  This would be advertised as a selling point and if embraced by users would prolieferate across the Customer Premises landscape.

Ironically we have access to precision time in to 100ns today.  Everyone with a GPS chip in their mobile phone leverages the GPS time in the orbiting satellites.  Perhaps it is time to codify that into a new standard.
pzjones
50%
50%
pzjones,
User Rank: Apprentice
3/18/2015 | 12:28:30 PM
Demonstrates change in motivation
I think this article clearly demonstrates what attracts people to IT now is not what drove many of us into IT 20+ years ago. It wasn't about the "job" or the "salary." It was about the love of this new technology, about being a pioneer in this industry, about collaboration, about conquering and innovating.

 It was nice that it came with a salary but that wasn't the driving force. I've seen many come because they thought they would make the big bucks but didn't have the heart or the passion and now they have gone...some stick around because "it's a job" and they don't want to go back to school. For those like Stenn, it is much more than that...it's in the blood. We need to figure out how to ignite that fire in the younger generation that has come to rely on technology without a desire to be part of it.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
3/17/2015 | 2:07:46 PM
You're right, Cesium-133 is stable, not decomposing
mbperezpinilla, A second as measured by an atomic clock is "9,192,631,770 cycles of radiation" reflecting the transition in energy levels of the Caesium-133 atom, according to the International System of Units. I didn't realize radiation in this case doesn't mean (ouch) radioactive. I've always thought atomic cloicks were using a measure of radioactive decomposition as a precise time-keeper. Instead, it's vibrations of the stable Cesium-133 atom that's keeping the beat. It's Cesium-137, used in medical imaging, that's radioactive. Oh boy, time to brush up on my physics.

 

 
mbperezpinilla
50%
50%
mbperezpinilla,
User Rank: Apprentice
3/17/2015 | 7:07:24 AM
Radioactive Cesium-133???
Cesium-133 is the only stable isotope of Cesium!
vorlonken
50%
50%
vorlonken,
User Rank: Apprentice
3/16/2015 | 1:28:34 PM
Here's the proper solution
Author: "So, Mr Stenn, what will you do if huge companies like Google, Microsoft, IBM, Apple, Cisco, Intel, etc don't start contributing? They could each donate $10 million/year with the change culled from under the driver's seat of the CEO!" Stenn: (shrugs) That's how the article should end. I hope everyone out there got my very unsubtle reference.
Susan_Nunziata
50%
50%
Susan_Nunziata,
User Rank: Strategist
3/16/2015 | 7:48:06 AM
Re: Is there really a problem?
@Gigabob: Your comment caught my eye, especially this: creating a better vehicle to support critical open source protocols like NTP.

Having been thru a similar experience yourself, what would you say is required to create such a vehicle for NTP (and other critical open source projects).

 

 
Page 1 / 4   >   >>
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll