Hi Andreas. On 02-10-2012 21:32, Andreas Krüger wrote:
> A while ago, I installed ntpd on a Windows PC, to some location not easily > guessable, under a privileged user's account different from the unprivileged > one > I normally use, and I'm not sure that installation is in any user's PATH. Such > an installation would be difficult to verify with the "run ntpd" approach. I will try to emulate your instalation, but maybe it will work. We are recommending the Mainberg NTP installer for Windows in our website, and it installs the ntp daemon running with a new created user. The daemon runs under other user, but yet is possible for any user to run ntpq, or verify if ntpd is running in the process list. But, if ntpd and other binaries are outside the executable path it won't work. > Even worse: The ntpd program may run smoothly and keep the computer's time > precisely, yet, that ntpd may be configured in such a way that it reacts only > to > packets that answer queries it itself has sent. Such an installation would be > difficult to verify with any approach short of reading logs. > > These are extreme cases. The approach described can verify ntpd installation > in > the many more common cases. Yep. There are cases where our approach won't work. We are trying to test the installations that basically follows the instructions in our website. > It still does not suite my personal taste. Call it "German Angst". But I do > not > like the idea to allow some whatever from a web site out of the depths of the > internet to execute arbitrary programs on my computer. Ok. > Here are two more ideas I want to throw into the air. Both do without > execution > privileges for arbitrary programs on my PC. If anybody likes any of these > ideas, > catch them and run with them. > > First idea: If I thought that the output of ntpq is too cryptic, I would > consider to grab the sources of that program and add something like > > ntpq -c healthcheck > > This should give a cooked nice output comprehensible by an average user. > > Then I'd try to see whether this contribution gets accepted into the official > ntp distribution. It is a very good idea. Do you think there would be any chance something like this could be accepted in the official distribution? Besides this question, there is one more: most linux packages for ntp are using very old versions (4.2.4pn). I don't know why. Even if such contribution could be included in the distribution, I think it would take years for it to reach the computers. > Secondly, there is ntpd and there are a host of other time keeping solutions > out > there. One might want to universally verify any of these by the outcome: How > precise is my computer's clock? > > It would be useful, and is quite possible, to implement a simple ntp client > with > Javascript, based on web sockets. That client would be part of a web page that > gets served by some web server machine, a machine which also runs an ntp > server. > On browsing to that web page, the user would get immediate (or almost > immediate) > feed back: "Your PC's clock is slow by 4 minutes 21 seconds." Or something of > that sort. It would also be possible to use HTTP instead of NTP, for much > increased probability that this works through intervening firewalls, paid for > with a decrease in precision. We already have something similar to that: javascript "ajax" clocks that work as well as banners for our website: http://ntp.br/NTP/MenuNTPBanners But the accuracy is about 1s or 2s, and it is impossible to know for sure if the user has ntpd or not. We are not using websockets yet, but it seems a very good idea. > > Best regards all around, > > Andreas Talking about NTP measurements in general, if anyone is curious, we do some with Alexa top websites, measuring time accuracy via http: http://labs.ceptro.br/topsites/table.jsp?date=2012-09-29&datatype=sincronia_http&lang=enus and ntp (for those websites in the Alexa list that are also able to answer ntp queries): http://labs.ceptro.br/topsites/table.jsp?date=2012-09-29&datatype=sincronia_ntp&lang=enus Regards, Moreiras. _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
