NTP's Fate Hinges On 'Father Time' - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
IT Life
News
3/11/2015
06:06 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

NTP's Fate Hinges On 'Father Time'

The Network Time Protocol provides a foundation to modern computing. So why does NTP's support hinge so much on the shaky finances of one 59-year-old developer?

(Image: Geralt via Pixabay)

(Image: Geralt via Pixabay)

In April, one of the open source code movement's first and biggest success stories, the Network Time Protocol, will reach a decision point. At 30 years old, will NTP continue as the preeminent time synchronization system for Macs, Windows, and Linux computers and most servers on networks?

Or will this protocol go into a decline marked by drastically slowed development, fewer bug fixes, and greater security risks for the computers that use it? The question hinges to a surprising degree on the personal finances of a 59-year-old technologist in Talent, Ore., named Harlan Stenn.

The Network Time Protocol is important enough that the likes of Google and Apple speak up if they find a bug in the protocol that needs fixing, or a modification they think is needed. But NTP has worked so well for so long that few people think there's any problem.

Not all is well within the NTP open source project. The number of volunteer contributors -- those who submit code for periodic updates, examine bug reports, and write fixes -- has shrunk over its long lifespan, even as its importance has increased. Its ongoing development and maintenance now rest mostly on the shoulders of Stenn, and that's why NTP faces a turning point. Stenn, who also works sporadically on his own consulting business, has given himself a deadline: Garner more financial support by April, "or look for regular work.”

(Image: Margaret Clark)

(Image: Margaret Clark)

Stenn's shaky personal finances illustrate one very real risk to the future of the Internet. A number of widely used foundations of the Internet -- such as OpenSSL, the Domain Name System, and NTP -- are based on open source code. Open source means no one owns the software, anyone can use it, and it's maintained through a collaborative process of people submitting changes to a central governing group. Some open source projects, such as the Android mobile OS, have a rich uncle like Google that pays people who maintain the code as a side job. Or, the project is trendy enough that working on it helps to spur consulting work. But a project like NTP, which is buried deep in the infrastructure, doesn't have a clear-cut financial backer. That leaves support up to people like Stenn.

For the last three-and-a-half years, Stenn said he's worked 100-plus hours a week answering emails, accepting patches, rewriting patches to work across multiple operating systems, piecing together new releases, and administering the NTP mailing list. If NTP should get hacked or for some reason stop functioning, hundreds of thousands of systems would feel the consequences. "If that happened, all the critics would say, 'See, you can't trust open source code,'" said Stenn.

Sam Ramji, CEO of the Cloud Foundry Foundation, cited Stenn’s work in an address at the Open Compute Summit 2015 in San Jose Mar. 11. He dubbed him "Father Time," and said he was "scraping by" as he continued to work on NTP.

Stenn is hardly the only open source coder living in such straits. Ramji also mentioned Werner Koch in Germany, the author and maintainer of Gnu Privacy Guard, which is used in three popular email encryption programs. In a Feb. 5 article, Koch told ProPublica that he was "going broke" on $25,000 a year since 2001. Chet Ramey, part of the networking infrastructure team at Case Western Reserve, has been the primary maintainer of the Bash shell for Unix since 1990 with minimal support.

Ramji noted that OpenSSL developers had been receiving less than $2,000 a year in donations when the Heartbleed exploit of OpenSSL broke out last April. "Secure code is hard to write and maintain," Ramji noted. Users have to decide whether they want to leave these projects to survive as best they can.

Next Page: Watching the timekeeper

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 3 / 4   >   >>
Jamescon
50%
50%
Jamescon,
User Rank: Author
3/13/2015 | 10:17:07 AM
A look behind the scenes
Charlie. Great idea to look into the inner workings of technology (the code and the people) that most of us never see. Well done.
sejtam
50%
50%
sejtam,
User Rank: Apprentice
3/13/2015 | 6:59:39 AM
pool.ntp.org
While I agree with this article 100% i think it should have been mentioned that there are a number of organizations (and individuals) who donate a server and bandwidth to the pool.ntp.org project which provides much of the net-wide NTP distribution.
sejtam
50%
50%
sejtam,
User Rank: Apprentice
3/13/2015 | 6:46:02 AM
Re: It's fine to send big money directly to NTF!
For individual donations, a campaign on GoFundMe or Kickstarter or somesuch site would be useful (or maybe just Amazon Payments)?
JanK591
50%
50%
JanK591,
User Rank: Apprentice
3/13/2015 | 3:30:37 AM
Re: Let it fail?
I think it's completely in line with open source spirit. Various projects rise up and fall all the time. FLOSS was always about freedom of choice and if ntpd will be missed, your solution will resolve the problem, just as you said.
JanK591
50%
50%
JanK591,
User Rank: Apprentice
3/13/2015 | 3:26:43 AM
Re: Truly Disturbing
There are no problems with server costs, in fact I am sure that most of companies mentioned here do maintain their NTP servers, probably in large amount. The problem is with funding the development of software that runs on those servers. Cessation of development won't bring any immediate catastrophe and hence doesn't make a convincing argument to people who could pay for it.
JanK591
50%
50%
JanK591,
User Rank: Apprentice
3/13/2015 | 3:21:56 AM
Re: Pending Review
Over the years I came to a conclusion that attempting a donation-based model for open source/free software is futile effort. Only big endavours seem to be able to support themselves their way. Same goes for business model based on giving product for free and selling support. I think the FLOSS community was completely wrong in presenting this model as an alternative to traditional software business.


As I see it, there are only two options available for FLOSS projects. First option is fully voluntary work by people who are able to support themselves in other way. Second option is big business who uses FLOSS in their operations - not necesarily in their product, but also in infrastructure. Working together with other enterprises on commonly needed features is clearly beneficial. The second model is already prominent, but need more time to sink in. CEOs need to understand that cooperation is mutually beneficial and doesn't equal "giving away for free". Even when majority of users don't contribute code, they still do a tremendous job of spreading the word, thus giving the project more potential developers.
I_just_wanna_say_
50%
50%
I_just_wanna_say_,
User Rank: Apprentice
3/12/2015 | 11:12:21 PM
Re: Let it fail?
Or alternatively, Apple, who just announced the Apple Watch, could set up a small endowment to support the project in perpetuity and use that as a marketing hook.  Just think, the Apple Watch, a product that seems completely pointless to most people could suddenly become a badge of geeky insider knowledge ---

OK I'm naive.
Charlie Babcock
50%
50%
Charlie Babcock,
User Rank: Author
3/12/2015 | 5:56:51 PM
Yes, some contribute, some don't
Good comment from EJW, an IT manager in the Calif. State University system, and Tony J, thanks. I would like to note that Google is a contributor to the Linux Foundation's Core Infrastructure Initiative, now supporting Stenn. The CII includes Amazon, IBM, others and supports Werner Koch's Gnu PG in Germany & other projects as well. But there aren't enough $$ to go around. Stenn's non-profit is at www.nwtime.org. Checks can be sent to Network Time Foundation, PO Box 918, Talent, OR. 97540.
EJW
50%
50%
EJW,
User Rank: Apprentice
3/12/2015 | 4:59:11 PM
No Free Lunch
I have just read Charles Babcocks excellent article about NTP.org and Harlan Stenn.

I wasn't aware of the situation: it is utterly shameful that the likes of Apple, Google and others have allowed this to occur while freeloading on the software that allows them to make millions.

And it is not just the IT industry:

"...the NTP time stamp is one of the few ways equities firms have of proving to regulators they were in compliance of making a trade..."

So where are the contributions from Wall Street?

There is no free lunch!

Sooner or later everything must be paid for by someone; from NTP to PBS and even whole economies (just ask the Greeks).

I just made my contribution.

Tony A
100%
0%
Tony A,
User Rank: Moderator
3/12/2015 | 1:58:58 PM
Truly Disturbing
This is the most unsettling thing I've read since a report many years ago that said all international Internet traffic was being routed through a garage in Virginia. Truly amazing how vulnerable the entire infrastructure is in spite of the fact that it is now the  single most important vehicle for both business and defense.

So nobody wants to pay for an infrastructure service that is crucial to the Pentagon, the stock market, major search providers, ISP's and satellite communications? I say you send Goldman Sachs, Google, Microsoft and a few others - don't forget our friends at Verizon and Time Warner who oppose net neutrality - a letter written on a Smith Corona typewriter saying that the servers will be going down for one second at 12:00:00 a.m. next Monday, to save energy costs. Then see if they come up with some funding.

"We don't contribute to open source projects" - that's a classic. Google spends more on sushi and GS on annual bonuses than they are willing to spend on a service that their entire revenue streams depend on. As if the Internet were a natural resource like air and water and they are just entitled to it. It's unbelievable what we put up with from these companies. They should fund a pension for Mr. Stenn and his family in addition to ponying up a few million $ to keep the service stable and secure.
<<   <   Page 3 / 4   >   >>
News
Top 10 Data and Analytics Trends for 2021
Jessica Davis, Senior Editor, Enterprise Apps,  11/13/2020
Commentary
Where Cloud Spending Might Grow in 2021 and Post-Pandemic
Joao-Pierre S. Ruth, Senior Writer,  11/19/2020
Slideshows
The Ever-Expanding List of C-Level Technology Positions
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/10/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
Why Chatbots Are So Popular Right Now
In this IT Trend Report, you will learn more about why chatbots are gaining traction within businesses, particularly while a pandemic is impacting the world.
Slideshows
Flash Poll