Joseph Gwinn wrote:
Harlan,
On Sun, 01 Mar 2015 20:35:20 +0000, Harlan Stenn wrote:
Joseph Gwinn writes:
1. Slide titled "Known Bugs (2)": Has support for negative leap
seconds been restored in NTP v4? It wasn't clear.
Not yet. It's a tradeoff.
We've never needed to delete a leapsecond and depending on who you ask
it will probably never happen.
So long as UTC can do negative leaps, and the Earth is a wobbly clock,
the possibility is always with us.
I absolutely agree. It would have been better to fix this (in case it
didn't work) than to remove the code which supported negative leap seconds.
In the 7 year interval where no leap second was required/scheduled I
heard several people saying we might have needed a negative leap second.
Fortunately we didn't, but I still think it's better to prepare for it,
if possible than just ignore it and even remove existing support.
GPS can deal with it, even IEEE 1344 and C37.118 time codes can, but I'm
not sure if WWVB can. Anyway, I know the German DCF-77 transmitter has
no flag defined to announce a negative leap second, so there would be
major problems if one had to be inserted.
If we add the code to handle it, we increase complexity, potentially add
in a (pretty small) abuse vector (a bad actor could find a way to tell
your system to delete a second), and make some small demands on the test
framework that we want to have.
The abuse vector argument is pretty weak -- the attacker could just as
well add a leap second. In both cases, one is off by a second. So, I
would submit that it's support for leap seconds that provides the
attack surface, and the area of that surface is not reduced by
elimination of negative leap seconds.
Again, I strongly agree.
If we don't have it and we end up needing it, that causes different
problems.
There is a parallel issue about folks who cannot or do not upgrade their
software. Over 1100 issues were addressed between 4.2.6 and 4.2.8 and
people still think 4.2.6 should be "good enough" for them.
Certainly in my world, changing software is a big deal, because one
needs to rerun all the regression tests. Changing NTP isn't as big a
deal as changing the OS or the C++ compiler and/or libraries, but still
people are wary.
We've probably fixed about 3000 issues since 4.2.0 and people still run
that.
We don't have numbers for the number of bugs fixed between xntp3.5f,
xntp3-5.86.5, ntp-4.0, ntp-4.1.{0,1,2}, and ntp-4.2.0.
These older releases are still running out there, too.
And don't forget NTPv3 - bet lots of those still run.
Once people get a system to work, they don't tend to go fixing things
that ain't broke.
Yep.
Martin
--
Martin Burnicki
MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burni...@meinberg.de
Phone: +49 (0)5281 9309-14
Fax: +49 (0)5281 9309-30
Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg,
Andre Hartmann, Heiko Gerstung
Web: http://www.meinberg.de
_______________________________________________
LEAPSECS mailing list
LEAPSECS@leapsecond.com
https://pairlist6.pair.net/mailman/listinfo/leapsecs
