NTP's Fate Hinges On 'Father Time'

(Image: Christong via Pixabay)

NTP: Google And Apple Are Watching

The original NTP code was pulled together by a small group of academic and commercial developers led by now-retired Professor David Mills at the University of Delaware, who Stenn called "a super-genius," and with whom he still consults on a regular basis. But NTP was conceived "in friendlier times," Stenn observed wryly.

The need to develop NTP further coincides with new devices and new applications coming all the time onto the network, while the stakes behind reliable releases have gone up.

The most recent release of NTP 4.2.8 was "hurried out the door," said Heiko Gerstung, a managing director of Meinberg, a German producer of time servers based on NTP. The company expressed concern to Stenn on that point. But Meinberg executives know the condition of the overall project. "Considering the fact that this guy manages the releases of NTP all by himself, he is doing a heck of a job," Gerstung said in an email interview with InformationWeek. Meinberg is one of the few direct financial backers of the NTP project.

As the NTP project lead, Stenn gets calls from the biggest Internet and industrial companies about problems or suggested additions for NTP. He's happy to help. Occasionally, he pitches them to sign up as supporters of the Network Time Foundation, a nonprofit corporation he set up to receive donations for NTP. According to Stenn, they seldom do. In fact, just six companies support the foundation, with VMware the only household name among them.

The importance of NTP to the daily functioning of businesses can't be overstated. The NTP time stamp is part of how equities firms show that trades took place when they say they did, an element that helps them stay in regulatory compliance. Air traffic control relies on NTP for synchronized clocks. Robotic manufacturing uses it to carry out closely timed operations requiring coordinated time. Google search operations rely on it, which is why the Google security team scrutinizes NTP for bugs.

Apple Macintosh computers and servers running OSX use NTP, and Stenn said Apple developers have called him for help on several NTP issues. In the last such incident, he said he delayed a patch to give Apple more time to prepare OS X for it. When they were ready, he applied the patch and asked "whether Apple could send a donation to the Network Time Foundation," Stenn recalled. "They said they would do their best to see that Apple throws some money our way." But it hasn't happened yet.

"Everybody loves us," Stenn said. "But people with money say, 'We don't give to open source projects.'"

Asked whether running through his personal savings to support NTP was a sustainable position, he acknowledged he gets credit for creating well-crafted NTP releases, "but I never said I was smart."

NTP is nevertheless the protocol that everyone depends on. Other candidates exist, and Stenn himself said there are good ideas included in the young Precision Time Protocol project. But nothing else is in the running to take over synchronizing time on the network.

Linux Foundation Executive Director Jim Zemlin raised the problem of NTP's continued development in a keynote address at the Linux Collaboration Summit in Santa Rosa, Calif., on Feb. 18. (That's what led InformationWeek to seek out Stenn; he didn't come to us with his story.) Zemlin said poorly supported open source projects pose a risk to all the systems that depend on them. The OpenSSL project, an encryption project widely used to secure websites, had been receiving less than $2,000 a year in donations until the Heartbleed exploit compromised OpenSSL code.

"There are certain projects that have not received support commensurate with their importance," Zemlin said. "Too many critical open source software projects are underfunded and under-resourced."

OpenSSL, the Domain Name System, NTP and a handful of other open source projects on which the Internet depends have a broad following, but few people understand that, for aging projects with little glam, financial backers and code contributors alike have moved on to more stimulating challenges. Companies including IBM, Salesforce.com, HP, Adobe, Amazon, Bloomberg, and Google do support the Linux Foundation's Core Infrastructure Initiative, started after Heartbleed in May 2014. CII has raised $6 million, which Zemlin said is "not nearly enough." Stenn gets $7,000 a month from the fund, or $84,000 a year, to cover all the expenses of maintaining NTP, renting the data center space, and running the infrastructure required for support.

Next Page: Why synchronizing time matters

2 of 5