(Continued from preceding page)
in an interview with InformationWeek. He described Stenn as "a good friend and one of the most technically capable people that I've ever met."
Takhar acknowledged that NTPSec will be a fork of the NTP project, and will proceed in its own direction, attempting to impose new security guarantees and best practices testing on NTP code. There's no agreement that these will be adopted into the core project, he acknowledged.
But Takhar recently participated in a National Science Foundation "rescue" project intended to improve the security of NTP and other open source code. He wants to take the results of that work to create a more tamper-proof version of NTP in hopes that such code will influence NTP's course in the long run.
Working with the code from another project is a long tradition in open source, said Takhar. "I honestly hope the NTP protocol as a whole benefits."
When asked to comment on NTPSec, Stenn in an interview said he could say little about a project that he knew little about. He said it would be his job to live with it as another open source project. As with any project, he intends to watch for ideas viewed as improvements, wherever they come from, that could throw NTP out of compatibility with the many systems it currently works with.
Takhar has a group of six developers behind NTPSec, including a fellow veteran of the National Science Foundation project, a long-term member of the existing NTP Project, and Mark Atwood, HP's open source outreach manager. Eric Raymond -- author of The Cathedral and the Bazaar, a book on the characteristics of open source code -- is also a member.
Linux Foundation Funding Is A Surprise
The fact that the Linux Foundation and Stenn have reached agreement at this point came as something of a surprise. With a decision already past due, the foundation announced in June that it had allocated $500,000 to three projects. Neither NTP nor Stenn's Network Time Foundation were among them.
[ What else does the Linux Foundation support? Read Linux Foundation Funds Internet Security Advances. ]
Stenn's funding ran out April 30, but the foundation invited him to submit invoices as talks continued. It has continued paying him up to this point.
Stenn, who had been at loggerheads with the foundation in March over new accountability requirements, said he found himself talking to Linux security expert Emily Ratliff, a newly hired foundation staff member, in June. "Emily and I seem to be getting along together just fine," said Stenn. He added that a new contract sent to him in July no longer had the reporting requirements to which he had objected.
Stenn said the renewed money coming in was "awesome and wonderful."
But he thinks Internet time, and network time synchronization in general, is worth more than what he's receiving so far. He is preparing proposals for additional funding from other sources. His goals are to see more standards-body work on NTP and more background research and development on how best to steer its future.
Even with existing support, the complexities of time keeping and time synchronization threaten to overwhelm the limited resources devoted to them. The total need for NTP's maintenance ranges above $2 million, including staff to support the work that needs to be done rather than relying solely on volunteers, Stenn said.
Coming up with a standard way to incorporate leap seconds into NTP would be one of many priorities that could absorb such spending, he said. A recent addition of a leap second on June 30 illustrated the need. The NTP protocol and Google, for example, did it differently, so for 12 hours their clocks couldn't be synchronized.