NTP's Fate Hinges On 'Father Time' - InformationWeek
IoT
IoT
IT Life
News
3/11/2015
06:06 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%
RELATED EVENTS
Fearless & Secure Cloud Migration
Dec 14, 2017
In this webinar, learn how to make a safe, secure migration to the cloud, that both manages risks ...Read More>>

NTP's Fate Hinges On 'Father Time'

The Network Time Protocol provides a foundation to modern computing. So why does NTP's support hinge so much on the shaky finances of one 59-year-old developer?

(Image: Geralt via Pixabay)

(Image: Geralt via Pixabay)

In April, one of the open source code movement's first and biggest success stories, the Network Time Protocol, will reach a decision point. At 30 years old, will NTP continue as the preeminent time synchronization system for Macs, Windows, and Linux computers and most servers on networks?

Or will this protocol go into a decline marked by drastically slowed development, fewer bug fixes, and greater security risks for the computers that use it? The question hinges to a surprising degree on the personal finances of a 59-year-old technologist in Talent, Ore., named Harlan Stenn.

The Network Time Protocol is important enough that the likes of Google and Apple speak up if they find a bug in the protocol that needs fixing, or a modification they think is needed. But NTP has worked so well for so long that few people think there's any problem.

Not all is well within the NTP open source project. The number of volunteer contributors -- those who submit code for periodic updates, examine bug reports, and write fixes -- has shrunk over its long lifespan, even as its importance has increased. Its ongoing development and maintenance now rest mostly on the shoulders of Stenn, and that's why NTP faces a turning point. Stenn, who also works sporadically on his own consulting business, has given himself a deadline: Garner more financial support by April, "or look for regular work.”

(Image: Margaret Clark)

(Image: Margaret Clark)

Stenn's shaky personal finances illustrate one very real risk to the future of the Internet. A number of widely used foundations of the Internet -- such as OpenSSL, the Domain Name System, and NTP -- are based on open source code. Open source means no one owns the software, anyone can use it, and it's maintained through a collaborative process of people submitting changes to a central governing group. Some open source projects, such as the Android mobile OS, have a rich uncle like Google that pays people who maintain the code as a side job. Or, the project is trendy enough that working on it helps to spur consulting work. But a project like NTP, which is buried deep in the infrastructure, doesn't have a clear-cut financial backer. That leaves support up to people like Stenn.

For the last three-and-a-half years, Stenn said he's worked 100-plus hours a week answering emails, accepting patches, rewriting patches to work across multiple operating systems, piecing together new releases, and administering the NTP mailing list. If NTP should get hacked or for some reason stop functioning, hundreds of thousands of systems would feel the consequences. "If that happened, all the critics would say, 'See, you can't trust open source code,'" said Stenn.

Sam Ramji, CEO of the Cloud Foundry Foundation, cited Stenn’s work in an address at the Open Compute Summit 2015 in San Jose Mar. 11. He dubbed him "Father Time," and said he was "scraping by" as he continued to work on NTP.

Stenn is hardly the only open source coder living in such straits. Ramji also mentioned Werner Koch in Germany, the author and maintainer of Gnu Privacy Guard, which is used in three popular email encryption programs. In a Feb. 5 article, Koch told ProPublica that he was "going broke" on $25,000 a year since 2001. Chet Ramey, part of the networking infrastructure team at Case Western Reserve, has been the primary maintainer of the Bash shell for Unix since 1990 with minimal support.

Ramji noted that OpenSSL developers had been receiving less than $2,000 a year in donations when the Heartbleed exploit of OpenSSL broke out last April. "Secure code is hard to write and maintain," Ramji noted. Users have to decide whether they want to leave these projects to survive as best they can.

Next Page: Watching the timekeeper

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 4   >   >>
akostadinov
50%
50%
akostadinov,
User Rank: Apprentice
8/18/2015 | 10:50:33 AM
alternatives
chronyd anybody? (chrony.tuxfamily.org)

works better at least for some use cases...

Competition is good, otherwise things rot anyway.
kstaron
50%
50%
kstaron,
User Rank: Ninja
3/25/2015 | 3:52:11 PM
So the people using it aren't wiling to pay?
Can I guess that by the lack of this guy's wallet, that the companies who claim to care, like Google, have not stepped up and given the the guy funding to make sure the clock keeps ticking? If he has not yet, I would suggest he approach each of the companies that uses NTP and tell them it's in danger of being unsupported without financial backing. Wake up the guys who use it and let them know the free ride is about over.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
3/23/2015 | 11:51:33 PM
Has this issue kept you up late at night?
This may not be something you've worried about lately, but the 32-bit counter in the Network Time Protocol's time stamp is able to designate any second that's occurred since Jan.1, 1900. The only thing bad about covering such an expanse of time is that the counter runs out of numbers sometime in 2036. Like I said, maybe you haven't worried about it -- yet. Harlan Stenn is up late at night thinking about the solution... Better keep him on the case.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
3/18/2015 | 1:46:40 PM
Just a minute, Mr. Gigabob
Your answer is straightforward, Mr. Gigabob, except for the part about how we've had for years many companies with a vested interest in sychronizing time and they haven't done what you say should happen.
Mr. Gigabob
50%
50%
Mr. Gigabob,
User Rank: Strategist
3/18/2015 | 12:45:27 PM
Re: Is there really a problem?
The process is straightforward - an industry group with a vested interest steps in and enlists support from an eco-system by starting a "Time Committee" with contributions from those organizations in the form of team members and fiscal backing levels.  DLNA, USB, WiFi all started this way as a prelude to creating and adopting a standard.  The more groups the get behind supporting NTP - the more that will build in NTP into their systems.  

Ideally, increased investment in time synchronization for security, log management and other roles will add many paths to orbiting atomic clocks in GPS satellites to increase accuracy of NTP so it eclipses PTP - Precision Time Protocol (IEEE1588).

NTP and PTP approach the problem from different angles.  PTP uses hardware to provide a precise local clock with accuracy to 100ns and very little software sophistication.  NTP uses software and statistics to get time from local motherboards and other sources then distribute across a network.  Accuracy varies widely from micro-seconds to 10's of milliseconds, as distribution delays across shared network links are impacted by busy workloads.  Until there is a ubiquity of precision time sources available with known latency, we need both.

As an example of industry standard support - suppose members of the "TIME ASSOCIATION" included all the major home network router vendors.  Their support for NTP might include some local intelligence and a dedicated port channel for distributing time information that would have a prioritezed Quality of Service level enabling it to consistently provide microsecond accuracy in the home.  This would be advertised as a selling point and if embraced by users would prolieferate across the Customer Premises landscape.

Ironically we have access to precision time in to 100ns today.  Everyone with a GPS chip in their mobile phone leverages the GPS time in the orbiting satellites.  Perhaps it is time to codify that into a new standard.
pzjones
50%
50%
pzjones,
User Rank: Apprentice
3/18/2015 | 12:28:30 PM
Demonstrates change in motivation
I think this article clearly demonstrates what attracts people to IT now is not what drove many of us into IT 20+ years ago. It wasn't about the "job" or the "salary." It was about the love of this new technology, about being a pioneer in this industry, about collaboration, about conquering and innovating.

 It was nice that it came with a salary but that wasn't the driving force. I've seen many come because they thought they would make the big bucks but didn't have the heart or the passion and now they have gone...some stick around because "it's a job" and they don't want to go back to school. For those like Stenn, it is much more than that...it's in the blood. We need to figure out how to ignite that fire in the younger generation that has come to rely on technology without a desire to be part of it.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
3/17/2015 | 2:07:46 PM
You're right, Cesium-133 is stable, not decomposing
mbperezpinilla, A second as measured by an atomic clock is "9,192,631,770 cycles of radiation" reflecting the transition in energy levels of the Caesium-133 atom, according to the International System of Units. I didn't realize radiation in this case doesn't mean (ouch) radioactive. I've always thought atomic cloicks were using a measure of radioactive decomposition as a precise time-keeper. Instead, it's vibrations of the stable Cesium-133 atom that's keeping the beat. It's Cesium-137, used in medical imaging, that's radioactive. Oh boy, time to brush up on my physics.

 

 
mbperezpinilla
50%
50%
mbperezpinilla,
User Rank: Apprentice
3/17/2015 | 7:07:24 AM
Radioactive Cesium-133???
Cesium-133 is the only stable isotope of Cesium!
vorlonken
50%
50%
vorlonken,
User Rank: Apprentice
3/16/2015 | 1:28:34 PM
Here's the proper solution
Author: "So, Mr Stenn, what will you do if huge companies like Google, Microsoft, IBM, Apple, Cisco, Intel, etc don't start contributing? They could each donate $10 million/year with the change culled from under the driver's seat of the CEO!" Stenn: (shrugs) That's how the article should end. I hope everyone out there got my very unsubtle reference.
Susan_Nunziata
50%
50%
Susan_Nunziata,
User Rank: Strategist
3/16/2015 | 7:48:06 AM
Re: Is there really a problem?
@Gigabob: Your comment caught my eye, especially this: creating a better vehicle to support critical open source protocols like NTP.

Having been thru a similar experience yourself, what would you say is required to create such a vehicle for NTP (and other critical open source projects).

 

 
Page 1 / 4   >   >>
2017 State of IT Report
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll