NTP's Fate Hinges On 'Father Time' - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Life
06:06 PM
Connect Directly

NTP's Fate Hinges On 'Father Time'

The Network Time Protocol provides a foundation to modern computing. So why does NTP's support hinge so much on the shaky finances of one 59-year-old developer?

(Image: Geralt via Pixabay)

(Image: Geralt via Pixabay)

The Release Before Christmas

Stenn told us his workload got a little heavier in October 2014, when Google security team member Chris Ries notified him that he had discovered a security risk in NTP. It was a buffer overflow in NTP autokey, the public key/private key authentication system used to verify downloaded code. Although no one was known to have used it yet, the vulnerability had the potential to let a hacker launch malicious code remotely through an NTP server.

Stenn said Google previously had made clear to him that it will publish vulnerabilities 90 days after notifying the party responsible for the code. Stenn felt the clock had started ticking, and he didn't ask for a waiver. He set to work, putting in 16 to 18 hours a day for 10 weeks to correct the defect and get a new release out before the 90 days were up. It would be upsetting to all NTP users to have a vulnerability aired with no fix in hand.

On Dec. 18, he posted news of the vulnerability on the support Web site, sent notices out on the NTP email list, and posted a fixed version of the code. For this effort, Stenn said he got a lot of feedback -- and not in a good way.

As best he can estimate, "I pissed off over a hundred thousand folks by announcing this fix" seven days before Christmas, he recalled. "Yow." People wanted more warning, and they accused him of favoritism and letting some people know about it sooner. It was tough, but also offered a deeper realization of the true position he was in.

One of Stenn's main pillars of support is the originator of NTP, Professor David Mills, "who knows more about NTP code than any other human being," said Stenn. In many cases, he checks with Mills before making changes to the code, in part because Mills has embedded comments in the code that should be checked with before the code is altered.

The core functionality of NTP is described as simple and straightforward. But Mills, in an interview with InformationWeek, said that other parts having to do with monitoring and control "are so complex that the whole thing falls apart if you change something."

Mills, 76, is long retired from teaching computer and electrical engineering at the University of Delaware, where he originated the first version of NTP. At this point, he is also blind and can't help Stenn review code. To Mills, NTP "was kind of a hobby" for many years, and Stenn got in early with good patches as he worked with NTP in his contract jobs, and did some of the thankless tasks like release manager. Asked if Stenn should get more support, Mills responded, "I didn't realize he was working on it full time."

"Dave never saw the need for the type of end-user support that we offer," said Stenn. "He has no patience to deal with people who need that sort of handholding."

Independent, outside contributors do still submit code to NTP, though they tend to focus on the single operating system version they like to work with. One expert, Poul-Henning Kamp, is working in Denmark "with great plans for a future implementation," said Stenn.

When it comes to fixing existing bugs and vulnerabilities, there's Stenn as the sole full-time code committer and a few volunteers he can coax into looking at specific problems.

Stenn clearly likes the work, though. He described himself as an introvert who loves resolving issues of time. At his home lab in Talent, he has four GPS receivers on the roof collecting the combined wisdom of 12 atomic clocks. When the question of taking vacations came up in our discussion, his wife Margaret, who's listening in in the background, issued a hearty laugh. Stenn said vacations are a trip to the movies a few times a year. "My wife thinks I'm insane," he said as an aside in a later email.

As Stenn looks to the future, he sees NTP undergoing further development, including possible coordination with PTP, so that NTP "could speak PTP" for those who need more precise time than NTP can deliver. Such a move will take lots of work, though, and Stenn says he'll need to cut back his hours drastically, and start consulting full time, unless the Linux Foundation and other donors support NTP's work.

"There is a need for support for the free public infrastructure," Stenn said. "But there's just no revenue stream around time right now. People scream if their clocks are off by a second. They say, "Yes, we need you, but we can't give you any money.'"

(Image: Geralt via Pixabay)

(Image: Geralt via Pixabay)

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
5 of 5
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 4 / 4
Doug Henschen
Doug Henschen,
User Rank: Moderator
3/12/2015 | 12:50:53 PM
Re: It's fine to send big money directly to NTF!
Keep up the good work, as best as you can as long as you can, but by all means cultivate a backup, particularly if Charlie's article helps spur more funding. This seems like it's too imporant to rest on your shoulders alone. What if you get hit by a truck? Too bad you can't set up a little tarrif for accessing NTP!
User Rank: Strategist
3/12/2015 | 12:33:55 PM
Typical of the way things are going
I think the problems noted here are symptomatic of a larger problem. It seems that everyone these days is focused on getting rich with the next "Yo!" app or shiny new wearable gizmo that nobody is worried about keeping the foundations on which all this new technology depends. If the industry as a whole does not come to grips with this problem soon I fear we are in for a rough time ahead.
User Rank: Ninja
3/12/2015 | 11:41:52 AM
Let it fail?
Companies will pay as little as they have to for any given service. Its not greed, its just their nature. They have been used to getting NTP for free for so long, they aren't likely to start coughing up funds out of the goodness of their hearts.

Harlan's efforts sound like they have been truly heroic, and at that heroic pace for a very long time. But I think he is flat out being taken advantage of, and will continue to be until he puts his foot down. Maybe just flat out refuse to work more than 15 or 20 hours per week on it, putting the rest of his time in to his consulting business or something. I know that $7k per month looks good on paper, but I gaurantee its not nearly as much in practice.

Let it fail. That will bring the needed attention as funding. Its harsh, and in many ways against the open source spirit, but the guy has been taken advantage of long enough. When Google and Apple and others aren't even chipping in a little bit, especially taking in to account the huge consideration he gave Apple, then the whole thing is just wrong.
User Rank: Moderator
3/12/2015 | 9:47:20 AM
Re: Are you ready to roll back the next Leap Second?
Very good article Charlie. One of the best I've read in a long time. Hopefully this stirs up some funds for Harlan and the project. I'm also surprised that academia hasn't jumped right back in on NTP.
Charlie Babcock
Charlie Babcock,
User Rank: Author
3/11/2015 | 11:02:50 PM
Are you ready to roll back the next Leap Second?
Harlan Stenn is the only person I know who has already laid plans to cope with the Leap Second that will need to be subtracted from the solar day on June 30, when the discrepancy  between UTC and TAI will reach 36 seconds. For that, I'm afraid we must call him Father Time, even though he doesn't much like the moniker. (Leap Seconds occur irregularly, averaging one every 18 months.)
User Rank: Apprentice
3/11/2015 | 6:58:32 PM
It's fine to send big money directly to NTF!
Wow, thanks for the great article, sir!

I've always considered myself either the "janitor of time" or maybe NTP's babysitter.

From my point of view, we want lots of companies and individuals to "join" Network Time Foundation.  We are also very happy to receive direct donations.  As long as we get enough donations from enough sources to meet the IRS Public Support Test we're happy, and all is well.

<<   <   Page 4 / 4
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Flash Poll