Or the FBI shuts off the power grid.
The macbook my employer issued gains about 20 minutes a day when not synced. Easier to not replace it because oh look, the drive is soldered to the motherboard.
I’ve taken to calling it my crapbook. Really disappointed with the quality out of Apple lately.
-Bill
The one time I relied on the pool I lost sync a year later when all three servers the configuration picked withdrew time services and the still-running ntp client didn’t return to the names to find new ones. Wonderful if that’s fixed now but the pool folks argued just as strongly for using it back then.
Also, telling the security auditor that you have no idea who supplies your time source is pretty much a non-starter. You can convince them of a lot of things but you can’t convince them it’s OK to have no idea where critical services come from.
That’s what’s wrong with the pool.
Regards,
Bill Herrin
Na.
Battery backup and generators with days' to weeks' worth of fuel.
Once upon a time, William Herrin <bill@herrin.us> said:
> The one time I relied on the pool I lost sync a year later when all three
> servers the configuration picked withdrew time services and the
> still-running ntp client didn't return to the names to find new ones.
> Wonderful if that's fixed now but the pool folks argued just as strongly
> for using it back then.
Current versions of both ntpd and chrony support a "pool" config option
as an alternative to the "server" option, and I believe both will
monitor the reachability and quality of the sources and periodically
refresh from DNS.
Unless the firemen turn your roof generator off because someone in the street yelled fire =D
Bill,
I did say today's RTC chips.
Although as a Mac user with multiple types, many not Internet-connected, I’ve never seen any lose minutes per day. You might have a dead clock battery.
-mel
What sort of products are people using to provide timing services to third parties in datacenters?
I have only ever used the pool as a supplement to other servers. Here is a snippet from ntp.conf that was found in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.’ *
# External Time Synchronization Source Servers
server tick.usno.navy.mil # open access
server time.apple.com # open access
server Time1.Stupi.SE # open access
server ntps1-0.uni-erlangen.de # open access
server 0.pool.ntp.org # open access
server 1.pool.ntp.org # open access
server 2.pool.ntp.org # open access
server nist1-nj2-ustiming.org # open access
server nist1-chi-ustiming.org # open access
server nist1-pa-ustiming.org # open access
I have not kept up with pool changes since then.
*Apologies to Douglas Adams
The firemen & women that I've had the pleasure of working with did have more brains than that.
Despite their reputation of brute force, they do think.
They should
I tried to include time (i.e., a Building Integrated Timing System) as part of the basic data center services (HVAC, power, access control, etc.) when I worked at Equinix many, many years ago. Your data center operator can install its GPS (or other time source) antennas, drive the building master clock, and distribute time to customers using several different protocols.
For folks with firewall/security concerns, the building master clock can drive non-Internet protocols (IRIG-B, IEEE 1588 PTP, etc.) or connections in addition to NTP. You can still have your own NTP server. The difference is that instead of a GPS antenna connection, your clock box uses the BITS connection as one of the time sources.
Unfortunately, I was ahead of my time and customers (and sales people) didn't really understand the advantages. Yes, the DC operator can screw up the BITS just like the DC operator can screw up the power, HVAC and access control systems. Everyone wanted a separate GPS antenna, and the sales people made more commission selling space on the antenna platform
First, sorry for the gender goof; I did a lazy analog translation from "pompiers".
It is a true story that happened to a buddy of mine a few years back.
People saw smoke (diesel exhaust) coming from the roof of the building during a power outage and called 911.
They did follow protocol, and turned off both the fuel and electrical systems first :(. The solution was to move the generators to his parking lot to make it more definitive where the smoke was coming from =D
I recommend you replace the above 3 lines with:
pool CC.pool.ntp.org
where CC is an appropriate country code or region.
H
It's not clear to me that there's anything *wrong* with using the pool,
especially if you're using our 'pool' directive in your config file.

> The one time I relied on the pool I lost sync a year later when all
> three servers the configuration picked withdrew time services and the
> still-running ntp client didn't return to the names to find new ones.
> Wonderful if that's fixed now but the pool folks argued just as strongly
> for using it back then.

Were you using 'server' entries in your ntp.conf file or a 'pool' directive?

> Also, telling the security auditor that you have no idea who supplies
> your time source is pretty much a non-starter. You can convince them of
> a lot of things but you can't convince them it's OK to have no idea
> where critical services come from.
I'm not saying you *should* use the pool, or that you should *only* use
the pool. The pool *can* be used responsibly. And I suspect Ask and
his crew have documented things well enough that you could point an
auditor at the docs for the 'pool' directive and the monitoring efforts
that the Pool does, and between that and peering with your other
internal S2 sites and some well-chosen external site and perhaps some
local refclocks you would be in fine shape.
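To make the difference Chris Adams and Harlan are pointing at concrete, here is an added example (not posted by anyone in this thread) of the fixed-hostname layout that goes stale when the chosen hosts withdraw, beside the 'pool' form for both ntpd and chrony. The pool zone names are the ones pool.ntp.org publishes; `CC` and the `ntp1.internal.example` / `ntp2.internal.example` hostnames are placeholders for your own country code and your own stratum-2 servers.

```conf
# --- ntp.conf, fragile form: three names, each resolved once at startup.
# ntpd keeps one association per line bound to whatever address it got.
# If those hosts stop serving time, the associations go unreachable and
# ntpd does not go back to DNS for replacements.
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst

# --- ntp.conf, 'pool' form (ntpd 4.2.8 or later). ntpd resolves the name,
# spawns a set of associations from the answers, and re-queries DNS to
# replace members that become unreachable or are discarded by clock
# selection. CC is a country/region code (us, de, europe, ...; placeholder).
pool CC.pool.ntp.org iburst

# Keep sources you can name to an auditor alongside the anonymous pool
# members: your own stratum-2 hosts and/or a provider you have permission
# to use. (placeholder hostnames)
server ntp1.internal.example iburst
server ntp2.internal.example iburst

# --- chrony.conf equivalent. 'maxsources' caps how many pool members
# chrony keeps at once (default 4); it also refreshes from DNS on its own.
pool CC.pool.ntp.org iburst maxsources 4
server ntp1.internal.example iburst
server ntp2.internal.example iburst
```

To see which hosts actually ended up supplying time, run `ntpq -pn` (ntpd) or `chronyc sources -v` (chrony): the pool members appear as individual peers with their resolved addresses, which is the list an auditor will ask for, and a pool entry that has found no usable servers shows up with nothing selected beneath it.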
Harlan,
That is good advice.
Company($dayjob) no longer exists, but I will remember your advice next time I configure 4 or more Mac minis as an NTP peer group in my home office lab — I let the last configuration lapse as keeping up with Apple hardware and macOS changes was challenge enough and I no longer supported Network Time Services for any $dayjob or client.
The only other note is that, for Company($dayjob), I obtained explicit permission from each of a set of globally distributed time services (not shown above). I recommend that any new NTP peer group be configured with as diverse a set of servers as possible, not limited to just pool and not limited to a single connection type.
Thank you.
Jim
For timing if we lose the WWV stations and CDMA, then it seems the diversity plan is going to be a combination of US GPS, Galileo, and GLONASS disciplined sources.
well, if they all go down, here is my backup clock.
Brielle Bruns <bruns@2mbit.com>:
I've got a WWVB clock as well that I'd love to get hooked into my main NTP
server, but I worry they're going to finally kill that off in the next year
or so.
Alas, your WWVB clock is probably already almost useless except as a
wall decoration.
The modulation of the subsecond part of the WWVB signal changed in 2012. If
your clock is older than that, the best it can still do is pick up the
low-precision per-second tick.
Alejandro Acosta <alejandroacostaalamo@gmail.com>:
"The built in high sensitivity GPS receiver is able to lock multiple
satellites from within multiple buildings or from a window location*,
eliminating the requirement that an outdoor antenna be installed*."
Even relatively low-end GPS hardware can do this now.
That's my recipe for a GPS-based Stratum 1 server built from a RasPi and
any one of several generally-available GPS daughterboards. Cost less than
$100.
A window location works just fine. I have six of these on the
windowsill above my desk - they're my test fleet for NTPsec. The trees
near the outside of that window aren't a problem, and while it isn't
*guaraneed* that you have a 4-satellite lock at any ven time periods
of no tracking tend to be short.
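For anyone wiring a receiver like the ones above into their NTP daemon, here is an added chrony.conf fragment (not part of the RasPi recipe referenced above, which targets NTPsec) showing the usual two-refclock arrangement: the NMEA stream for second numbering and the PPS edge for precision, with network sources kept as a sanity check for the indoor/windowsill placement the post describes. It assumes gpsd is running and exporting its shared-memory segment, and that the board's PPS line shows up as /dev/pps0; both are placeholders for whatever your particular daughterboard provides, and the `offset`/`delay` values are starting points to tune, not measured figures.

```conf
# NMEA sentences via gpsd shared memory, unit 0. Whole-second timing only,
# with tens of ms of serial jitter, so it is marked 'noselect': it must
# never steer the clock, it only tells PPS which second each pulse belongs
# to. 'offset' roughly cancels the serial/parse latency; tune it against a
# trusted network server and 'chronyc sourcestats'.
refclock SHM 0 refid NMEA precision 1e-1 offset 0.5 delay 0.2 noselect

# PPS edge from the receiver (placeholder device path). Sub-microsecond,
# but ambiguous about which second; 'lock NMEA' resolves that using the
# source above. 'prefer' makes it win selection once locked.
refclock PPS /dev/pps0 lock NMEA refid PPS precision 1e-7 prefer

# Network sources stay in the mix so a lost satellite lock (trees, indoor
# placement) is noticed rather than silently free-running, and so a faulty
# receiver is outvoted instead of trusted. CC and the internal hostname
# are placeholders.
pool CC.pool.ntp.org iburst maxsources 4
server ntp1.internal.example iburst

# Check with: chronyc sources -v   (PPS should show as '#*' once locked,
#                                   NMEA as '#?' because of noselect)
#             chronyc sourcestats  (watch the PPS jitter column settle)
```

If the PPS source never reaches the selected state, the usual causes are a wrong `lock` refid, a PPS device that is not actually pulsing (check with `ppstest /dev/pps0` from pps-tools), or an NMEA `offset` so far off that chrony cannot match pulses to seconds.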
Mel Beckman <mel@beckman.org>:
It’s hard to consider messing with signal converters and pricey remotely-powered active antennas when you can solve the problem for $300.
The recipe I posted a link to upthread is cheaper.