7 Linux Facts That Will Surprise You

Harlan Stenn, the Network Time Protocol (NTP) maintainer whose precarious finances were brought to light in an InformationWeek article in March, has been approved for 12 more months of funding by the Linux Foundation.

NTP is the chief synchronizer of time between different computer systems on the Internet and on most private networks. It relies on several time references -- including one supplied by the US Naval Observatory, another by the National Institute of Standards & Technology, and at least three GPS satellite-based atomic clocks -- to create reference time servers that nearly all Linux, Windows, and Unix systems use to determine the correct time.

The grant momentarily sets aside the possibility that Stenn, who is also known as "Father Time" and serves as NTP's chief maintainer and release manager, will be forced to minimize his protocol work and return to private consulting.

Stenn's circumstances came to represent the vulnerability of key parts of the public Internet. He cited his difficulties in working long days and traveling to keep up the NTP physical infrastructure at two Internet service providers while pulling in $84,000 a year in funding.

In March, Stenn was considering whether to quit his daily stints of NTP maintenance to return to income-producing consulting work. As chief maintainer, one of his regular goals is to keep NTP in step with several versions of Ubuntu, Debian, SUSE, CentOS, Red Hat, HP/UX, AIX, and Solarism, and to prepare backward-compatible upates to the protocol.

Figure 1:

Harlan Stenn

(Image: Margaret Clark)

The renewal of his Linux Foundation funding is accompanied by an additional increase of $75,000 in corporate and private donor funding to his Network Time Foundation, which he established in 2011. The foundation pulled in $105,000 in 2014. It appears on track to garner $180,000 this year. A small percentage of the total, about $15,000, supports Stenn's NTP Lab, office, and technology expenses. The remainder is spent on the broader purposes of the foundation, which hosts four network time projects and conducts education and outreach.

[ Want to learn more about Harlan Stenn? Read NTP's Fate Hinges On 'Father Time'. ]

Stenn has had difficulty convincing many corporate donors to contribute to the NTP Foundation, or to the NTP.org project, since they have always received its benefits for free. Among the companies that contribute are: Yahoo, NetBSD, VMware, Meinberg, Infoblox, Debian, PTB, and FreeBSD.

The Linux Foundation's Core Infrastructure Initiative has 18 donors, including Microsoft, Google, Amazon, and IBM. Major banks, insurance companies, Wall Street trading firms, and telecommunications companies -- all of which rely on the timestamp of the Network Time Protocol on transactions -- are missing from donor lists.

The legal liabilities that revolve around poor or failed time-keeping should justify further investment from major enterprises, according to Stenn, though he acknowledged he has to work to convince those holding corporate purse strings why such concerns are valid. If he doesn't, he warned, they may learn it another way one day, in a manner he doesn't wish to contemplate.

NTP: A Top Priority?

Even as the Linux Foundation decision appears to clear the way for the organization's Core Infrastructure Initiative to continue to support Stenn and the NTP Project on an ongoing basis, foundation officials offered few long-term guarantees. The current grant runs through May 1, 2016, when it will once again come up for renewal. According to Jim Zemlin, executive director of the Linux Foundation, there was no question that reliable NTP operation was a top priority of the Core Infrastructure Initiative.

But it was also clear that the foundation was hedging its bets in relying on Stenn, who is 59, as its sole, future, full-time NTP maintainer.

In addition, the steering committee of the Core Infrastructure Initiative could be seen hedging its bets, as it funded Poul-Henning Kamp, a skilled developer in Denmark focused on modernizing the monolithic NTP code stack. The committee also decided to fund Amar Takhar, an NTP contributor and independent software testing contractor, who is founding an NTP security project, NTPSec.

"NTP is something that I am very passionate about and have contributed to for four years," Takhar said

(Continued on next page)

(Continued from preceding page)

in an interview with InformationWeek. He described Stenn as "a good friend and one of the most technically capable people that I've ever met."

Takhar acknowledged that NTPSec will be a fork of the NTP project, and will proceed in its own direction, attempting to impose new security guarantees and best practices testing on NTP code. There's no agreement that these will be adopted into the core project, he acknowledged.

But Takhar recently participated in a National Science Foundation "rescue" project intended to improve the security of NTP and other open source code. He wants to take the results of that work to create a more tamper-proof version of NTP in hopes that such code will influence NTP's course in the long run.

Working with the code from another project is a long tradition in open source, said Takhar. "I honestly hope the NTP protocol as a whole benefits."

Figure 2:

(Image: Christong via Pixabay)

When asked to comment on NTPSec, Stenn in an interview said he could say little about a project that he knew little about. He said it would be his job to live with it as another open source project. As with any project, he intends to watch for ideas viewed as improvements, wherever they come from, that could throw NTP out of compatibility with the many systems it currently works with.

Takhar has a group of six developers behind NTPSec, including a fellow veteran of the National Science Foundation project, a long-term member of the existing NTP Project, and Mark Atwood, HP's open source outreach manager. Eric Raymond -- author of The Cathedral and the Bazaar, a book on the characteristics of open source code -- is also a member.

Linux Foundation Funding Is A Surprise

The fact that the Linux Foundation and Stenn have reached agreement at this point came as something of a surprise. With a decision already past due, the foundation announced in June that it had allocated $500,000 to three projects. Neither NTP nor Stenn's Network Time Foundation were among them.

[ What else does the Linux Foundation support? Read Linux Foundation Funds Internet Security Advances. ]

Stenn's funding ran out April 30, but the foundation invited him to submit invoices as talks continued. It has continued paying him up to this point.

Stenn, who had been at loggerheads with the foundation in March over new accountability requirements, said he found himself talking to Linux security expert Emily Ratliff, a newly hired foundation staff member, in June. "Emily and I seem to be getting along together just fine," said Stenn. He added that a new contract sent to him in July no longer had the reporting requirements to which he had objected.

Stenn said the renewed money coming in was "awesome and wonderful."

But he thinks Internet time, and network time synchronization in general, is worth more than what he's receiving so far. He is preparing proposals for additional funding from other sources. His goals are to see more standards-body work on NTP and more background research and development on how best to steer its future.

Even with existing support, the complexities of time keeping and time synchronization threaten to overwhelm the limited resources devoted to them. The total need for NTP's maintenance ranges above $2 million, including staff to support the work that needs to be done rather than relying solely on volunteers, Stenn said.

Coming up with a standard way to incorporate leap seconds into NTP would be one of many priorities that could absorb such spending, he said. A recent addition of a leap second on June 30 illustrated the need. The NTP protocol and Google, for example, did it differently, so for 12 hours their clocks couldn't be synchronized.