Re: [chrony-dev] Chrony and leap-second table expiration

Since 2016 it has not mattered if you used an expired file, since the file has not changed since then. I think the expiry date is simply next Jun or Dec from when the file was issued since that is when the next leapsecond could occur. For the past 14 issues of the file, the only thing that has

Re: [chrony-dev] SOCK refclock system time resolution

Are you sure there is any point in nanosecond reporting? Ie, I would suspect that the uncertainty in those times is at best microsecond anyway, so nanosecond reporting is unwarrented accuracy. (Ie, it takes a microsecond to determine the local clock time anyway) William G. Unruh __| Canadian

Re: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom

Are you stating that /dev/urandom is not available on the machine you are using? You are using Linux I believe. What version of Linux does not have /dev/urandom. Note that /dev/random, which should also be available, should not be used. It has the same strength as urandom, but can block

Re: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom

nd Gravity __|_ www.theory.physics.ubc.ca/ On Tue, 2 Aug 2022, Bill Unruh wrote: [CAUTION: Non-UBC Email] Does the added "randomness" need to be crypographically secure or does it just need to be messed up. Ie is there some attack that someone could lauch against chrony if they could predict the random

Re: [chrony-dev] nts_ke_server calling UTI_GetRandomBytesUrandom

Does the added "randomness" need to be crypographically secure or does it just need to be messed up. Ie is there some attack that someone could lauch against chrony if they could predict the random stream for that fuzz in the timestamps? If not then using the full force of

Re: [chrony-dev] Pathological behavior of chrony's clock discipline algorithm under starvation

a problem as fast linear error accumulation, but they're still a problem. On 6/9/22, 12:22 PM, "Bill Unruh" wrote: CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.

Re: [chrony-dev] Pathological behavior of chrony's clock discipline algorithm under starvation

You are suggesting "improvements" to a chrony misbehaviour that no longer exists in the newer versions. Use a newer version and see if you can duplicate the problem. Fixing non-existant problems is sure to introduce new problems. William G. Unruh __| Canadian Institute for| Tel:

Re: [chrony-dev] Frequency transfer in NTP

I am a bit confused. I thought that chrony delivered its best estimate of the time now, which might be different from the time actually shown by the system clock, because it was still in the process of being corrected. So, if it decided that the time, from the best fit, now was 12:00:00.

Re: [chrony-dev] Frequency transfer in NTP

William G. Unruh __| Canadian Institute for| Tel: +1(604)822-3273 Physics _|___ Advanced Research _| Fax: +1(604)822-5324 UBC, Vancouver,BC _|_ Program in Cosmology | un...@physics.ubc.ca Canada V6T 1Z1 | and Gravity __|_ www.theory.physics.ubc.ca/ On Fri, 29 Jan 2021,

Re: [chrony-dev] logdir permissions

William G. Unruh __| Canadian Institute for| Tel: +1(604)822-3273 Physics _|___ Advanced Research _| Fax: +1(604)822-5324 UBC, Vancouver,BC _|_ Program in Cosmology | un...@physics.ubc.ca Canada V6T 1Z1 | and Gravity __|_ www.theory.physics.ubc.ca/ On Fri, 2 Oct 2020,

Re: 回复: Re: [chrony-dev] Issue about chronyd synchronize to local clock

Actually I made a silly mistake. The printers should be set up. At present, the LL2pcl is the default printer. But if that does not work, try the LL2raster printer instead. William G. Unruh __| Canadian Institute for| Tel: +1(604)822-3273 Physics _|___ Advanced Research _| Fax:

Re: Re: [chrony-dev] Issue about chronyd synchronize to local clock

several hours and will not become synchronized any more.   From: Bill Unruh Date: 2020-06-25 23:10 To: chrony-dev Subject: Re: Re: [chrony-dev] Issue about chronyd synchronize

Re: Re: [chrony-dev] Issue about chronyd synchronize to local clock

d any more.   From: Bill Unruh Date: 2020-06-25 23:10 To: chrony-dev Subject: Re: Re: [chrony-dev] Issue about chronyd synchronize to local clock   On Thu, 25 Jun 2020, xqmen...@hotmail.com wrote:   >    Is there a way or some configur

Re: Re: [chrony-dev] Issue about chronyd synchronize to local clock

On Thu, 25 Jun 2020, xqmen...@hotmail.com wrote:    Is there a way or some configuration to make chronyd client always successfully synchronize to itself. Why? Your database program is designed to only work if the system clock is synchronized to UTC. It seems that you want to break that,

Re: Re: [chrony-dev] Issue about chronyd synchronize to local clock

'NTP synchronization status yes' tells the kernel to copy the system time to the RTC every 11 minutes. It does not simply report that it thinks that the system time is synchronized to NTP. Your author of the database software did not really know what he/she was doing. 'server 127.0.0.1

Re: [chrony-dev] Experimental NTS support

On Thu, 11 Jun 2020, Miroslav Lichvar wrote: On Wed, Jun 10, 2020 at 05:03:52PM -0400, Watson Ladd wrote: On Wed, Jun 10, 2020 at 9:19 AM Miroslav Lichvar wrote: Right. We would need to relicense the code. That would require consent from Richard Curnow and all the contributors. If someone

Re: [chrony-dev] Experimental NTS support

, Watson Ladd wrote: On Wed, Jun 10, 2020 at 9:19 AM Miroslav Lichvar wrote: On Tue, Jun 09, 2020 at 01:27:03AM -0700, Bill Unruh wrote: On Tue, 9 Jun 2020, Miroslav Lichvar wrote: On Tue, Jun 09, 2020 at 12:21:41AM +0200, Vincent Blut wrote: I must admit CVE-2020-13777 [1] has cooled me

Re: [chrony-dev] Experimental NTS support

On Tue, 9 Jun 2020, Miroslav Lichvar wrote: On Tue, Jun 09, 2020 at 12:21:41AM +0200, Vincent Blut wrote: I must admit CVE-2020-13777 [1] has cooled me down a lot about GnuTLS. OpenSSL 3.0 (currently in alpha stage) will use the Apache License 2.0 which isn’t compatible with the GPLv2. Sigh,

Re: [chrony-dev] chronyd systemd ehancement patch submition

On Tue, 25 Feb 2020, Nicolas Bouchinet wrote: I allow myself to answer the questions asked during the previous discussion. Capabilities are needed to bind to a privileged port and adjust the system clock, but chronyd does other things on start that require root privileges, e.g. create

Re: [chrony-dev] chronyd and hwclock

is what is doing it. -Dustin On Sat, Feb 22, 2020 at 7:15 PM Bill Unruh wrote: If I run chronyc, I get the following from hwclock [root]>hwclock --verbose hwclock from util-linux 2.33.2 System Time: 1582419894.572200 Trying to open: /dev/rtc0 No usable clock interface found. hwclock: Can

Re: [chrony-dev] chronyd and hwclock

No, I do not. On Sat, 22 Feb 2020, Dustin Marquess wrote: I'm guessing you have the rtcsync option enabled in chrony.conf. That probably is what is doing it. -Dustin On Sat, Feb 22, 2020 at 7:15 PM Bill Unruh wrote: If I run chronyc, I get the following from hwclock [root]>hwcl

[chrony-dev] chronyd and hwclock

If I run chronyc, I get the following from hwclock [root]>hwclock --verbose hwclock from util-linux 2.33.2 System Time: 1582419894.572200 Trying to open: /dev/rtc0 No usable clock interface found. hwclock: Cannot access the Hardware Clock via any known method. Does chronyd purposely block

Re: [chrony-dev] Upstream systemd change to PIDFile location in service unit

On my systemd system (Mageia 6) it is /run/chrony.pid and /run/chrony/chrony.sock and /var/run points to /run The /lib/systemd/system/chronyd.service file is --- [Unit] Description=NTP client/server After=ntpdate.service sntp.service ntpd.service

Re: [chrony-dev] [PATCH v3] main: add -X to fall back if time is not adjustable

[17:25] * cpaelzer fails at explaining it seems [17:25] if you deploy chrony to a random system If you have a random system and you have no idea whether or not its clock is good or a complete piece of merde, why would you want it acting as a server for anything? That is liable to cause mass

Re: [chrony-dev] [PATCH] main: imply -x if time can't be set

... concept of a time namespace in the future. For most non-namespaced resources applications that are expected to run in user namespaces (systemd, lxc, etc.) follow the concept of "seek forgiveness, not permission" meaning one should usually check whether an operation is That, for a program,

Re: [chrony-dev] chrony after start/wake up

On Tue, 28 Nov 2017, Gerriet M. Denkmann wrote: I noticed that it takes chrony about 20 - 40 minutes after start/wake up to settle down to a plausible value for frequency. (The offsets are fine after about 10 minutes - and not too bad before this). What is your poll range? The default for

Re: [chrony-dev] new feature request: add "fast" and "slow" to "clock wrong" and "clock stepped" log messages

William G. Unruh __| Canadian Institute for| Tel: +1(604)822-3273 Physics _|___ Advanced Research _| Fax: +1(604)822-5324 UBC, Vancouver,BC _|_ Program in Cosmology | un...@physics.ubc.ca Canada V6T 1Z1 | and Gravity __|_ www.theory.physics.ubc.ca/ On Tue, 14 Nov 2017,

Re: [chrony-dev] new feature request: add "fast" and "slow" to "clock wrong" and "clock stepped" log messages

. You are requesting something further. You are also requesting a change in the value that is reported, not just making the sign of the error clearer. I am in perfect agreement with the request for making the meaning of the sign clearer. I am (perhaps) not in agreement with the value you want r

Re: [chrony-dev] new feature request: add "fast" and "slow" to "clock wrong" and "clock stepped" log messages

, James Feeney wrote: On 11/09/2017 02:22 PM, Bill Unruh wrote: That is unclear. Chrony knows that it is out by a certain amount. That is why it is slewing the clock, and in a few seconds or minutes the system time will be exactly what it thinks NTP time is. It now finds it is out by a second. Does

Re: [chrony-dev] new feature request: add "fast" and "slow" to "clock wrong" and "clock stepped" log messages

William G. Unruh __| Canadian Institute for| Tel: +1(604)822-3273 Physics _|___ Advanced Research _| Fax: +1(604)822-5324 UBC, Vancouver,BC _|_ Program in Cosmology | un...@physics.ubc.ca Canada V6T 1Z1 | and Gravity __|_ www.theory.physics.ubc.ca/ On Thu, 9 Nov 2017,

Re: [chrony-dev] Using Linux Capabilities

On Thu, 9 Nov 2017, Bryan Christianson wrote: On 9/11/2017, at 11:17 AM, Michael Cashwell wrote: It sounds like a “more standard” approach would be: 1: chronyd is started by the OS at boot in local mode (eg: no upstream time sources) and in an inert state where it

Re: [chrony-dev] new feature request: add "fast" and "slow" to "clock wrong" and "clock stepped" log messages

On Tue, 7 Nov 2017, James Feeney wrote: On 11/06/2017 09:17 AM, Miroslav Lichvar wrote: From the other suggestions that have been made, I liked best "was stepped backward/forward". That's good too. For example, if the initial offset was 5 seconds and the system clock was already corrected

Re: [chrony-dev] new feature request: add "fast" and "slow" to "clock wrong" and "clock stepped" log messages

On 10/30/2017 02:42 PM, Bill Unruh wrote: On Mon, 30 Oct 2017, James Feeney wrote: On 10/30/2017 05:07 AM, Miroslav Lichvar wrote: existing scripts that parse the log I am not familiar with any of those scripts - who parses chrony log files? - so my initial reaction

Re: [chrony-dev] Using Linux Capabilities

I guess I am confused about your intial situation. chronyd is designed so as to be running continually, not for starting or stopping. Thus it is started in the Linux startup by initd or its equivalent and runs forever thereafter. It does have the offline and online commands which can be

Re: [chrony-dev] "leapsectz" and leapsecond announce (was:refclock: Add a new "tai" option)

William G. Unruh __| Canadian Institute for| Tel: +1(604)822-3273 Physics _|___ Advanced Research _| Fax: +1(604)822-5324 UBC, Vancouver,BC _|_ Program in Cosmology | un...@physics.ubc.ca Canada V6T 1Z1 | and Gravity __|_ www.theory.physics.ubc.ca/ On Thu, 12 Oct 2017,

Re: [chrony-dev] [PATCH v2 2/2] refclock: Add a new "tai" option

It is also possible that a leap second is subtracted rather than added, and the code should take that into account. (But by now, it is doubtful that any negative leap seconds will occur in the future, unless perhaps there are a bunch of really powerful earthquakes which change the moment of

RE: [chrony-dev] Chrony 3.0-pre1 fails to send or receive data from socket on FreeBSD

! The test with chrony 3.0-pre1 is also using the same /etc/chrony.conf. OK, sorry to have made a silly observation. I note that Miroslav seems to have found the problem. Adri. -Original Message- From: Bill Unruh [mailto:un...@physics.ubc.ca] Sent: woensdag 14 december 2016 16:58 To: chrony

Re: [chrony-dev] Chrony 3.0-pre1 fails to send or receive data from socket on FreeBSD

William G. Unruh __| Canadian Institute for| Tel: +1(604)822-3273 Physics _|___ Advanced Research _| Fax: +1(604)822-5324 UBC, Vancouver,BC _|_ Program in Cosmology | un...@physics.ubc.ca Canada V6T 1Z1 | and Gravity __|_ www.theory.physics.ubc.ca/ On Wed, 14 Dec 2016,

Re: [chrony-dev] Nanosecond timestamps

In addition to the kernel, I disable eee and interrupt coalescing on the network interfaces. Oh, I knew ethernet has some power saving features, but I didn't realize they could increase latency/jitter. I'll need to experiment with this :). As for interrupt coalescing, it can help

Re: [chrony-dev] Documentation patch

: On Sat, Oct 22, 2016 at 05:46:53AM -0700, Bill Unruh wrote: Probably. I am a bit confused why asciidoctor would be used instead of, the seeming more prevalant, asciidoc, or either, set up by configure after testing what the system has. asciidoc is an older and well-known implementation

Re: [chrony-dev] Documentation patch

On Sat, 22 Oct 2016, Rune Magnussen wrote: Hi When trying to install chrony from source, I found out that the README refered to INSTALL which does not exist. Also asciidoctor is needed during install. here is a patch to fix the docs. Not at all sure where you are getting your source for

Re: [chrony-dev] crash when overloading refclock_sock

Did you really have 23 samples come at the same time to a nanosec? I have no idea how that is evan possible. Or did you artificially swamp the refclock shm? William G. Unruh __| Canadian Institute for| Tel: +1(604)822-3273 Physics _|___ Advanced Research _| Fax: +1(604)822-5324 UBC,

Re: [chrony-dev] Retention of sources' measurement history

I think you might havee to be a bit more detailed in describing what the problem is that you feel is occuring. Which old measurements? What would cause them to go stale and why would that be a problem? William G. Unruh __| Canadian Institute for| Tel: +1(604)822-3273 Physics _|___ Advanced

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.4-9-g6cd5583

2016, Miroslav Lichvar wrote: On Thu, Jun 30, 2016 at 08:32:16AM -0700, Bill Unruh wrote: One really weird effect I found was that I have one machine connected to a Sure GPS, which seems to have quite a large fluctuation. (or for which the interrupt processing seems to have a large fluctuation

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.4-9-g6cd5583

2016, Miroslav Lichvar wrote: On Thu, Jun 30, 2016 at 08:02:53AM -0700, Bill Unruh wrote: Another question is what one takes as the "no-assymmetry" delay ( ie the minimum delay). The lowest delay? Ovr what time period? Can one imagine weird situations in which the minimum is a bad esti

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.4-9-g6cd5583

hu, 30 Jun 2016, Miroslav Lichvar wrote: On Wed, Jun 29, 2016 at 08:04:44AM -0700, Bill Unruh wrote: On Wed, 29 Jun 2016, Miroslav Lichvar wrote: I'm very interested in implementing some estimation of the asymmetry to chrony. I'd like to allow any slope between -0.5 and 0.5, not just one of the th

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.4-9-g6cd5583

2016, Miroslav Lichvar wrote: On Tue, Jun 28, 2016 at 07:58:40AM -0700, Bill Unruh wrote: Is there some way to automate the determination of the best offset and slope correction to apply due to network assymetries. If one plots the offset vs the delay, one often gets a scatter plot in which

Re: [chrony-dev] replace md5 with SHA

the server to use sha1. I don't want tomcrypt coz I already have wolf SSL on my diy embedded system and flash space is of utmost importance. Earlence On Jun 12, 2016 12:09 AM, "Bill Unruh" <un...@physics.ubc.ca> wrote: The hash HAS to be shared  between server and clie

Re: [chrony-dev] Wake from sleep on OS X

On Wed, 2 Dec 2015, Bryan Christianson wrote: On 2/12/2015, at 10:40 AM, Bill Unruh <un...@physics.ubc.ca> wrote: William G. Unruh | Canadian Institute for| Tel: +1(604)822-3273 Physics | Advanced Research | Fax: +1(604)822-5324 UBC, Vancouver,BC | Program in Cos

Re: [chrony-dev] [PATCH] MacOS X - Drop root privilege

Also, is it MacOS X or Mac OS X? Wikipedia suggests the latter. It is OS X according to the Apple Web page. Mac is the computer it runs on. -- To unsubscribe email chrony-dev-requ...@chrony.tuxfamily.org with "unsubscribe" in the subject. For help email

RE: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.1.1-89-g3cd32ed

If the clock is too far behind or ahead, doesn't chrony already step the clock? I don't think it makes sense to try and slew for a large difference. This should normally only occur on boot or when chrony has been disconnected from any source for a long time. How large an interval it tries to

RE: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.1.1-89-g3cd32ed

. Adri. -Original Message- From: Miroslav Lichvar [mailto:mlich...@redhat.com] Sent: vrijdag 18 september 2015 13:36 To: chrony-dev@chrony.tuxfamily.org Subject: Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.1.1-89-g3cd32ed On Thu, Sep 17, 2015 at 11:04:07AM -0700, Bill Unruh

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.1.1-89-g3cd32ed

commit 1b2510e4b260eed2e7fef9e539cd031bd89898c9 Author: Miroslav Lichvar Date: Tue Sep 15 15:24:28 2015 +0200 sys_linux: use timex driver Remove functions that are included in the new timex driver. Keep only functions that have extended functionality, i.e. read

Re: [chrony-dev] chronyd not recovering after time stepped.

Hopefully spikes do not occur frequently (there would be more fundamental problems if they are frequent) and I think 60 secs is not a long time to wait for the current cycle to complete at which time the new drift would be applied. The machine itself should not spike, unless some

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.0-13-g0abdc2a

On Tue, 2 Jun 2015, Miroslav Lichvar wrote: On Tue, Jun 02, 2015 at 07:00:12AM -0700, Bill Unruh wrote: I am very uncomfortable with these kinds of leap smoothing procedures. In particular, since there is no standard as to the smoothing, this risks instability as a whole variety of "smo

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 2.0-13-g0abdc2a

William G. Unruh | Canadian Institute for| Tel: +1(604)822-3273 Physics | Advanced Research | Fax: +1(604)822-5324 UBC, Vancouver,BC | Program in Cosmology | un...@physics.ubc.ca Canada V6T 1Z1 | and Gravity | www.theory.physics.ubc.ca/ - Log

Re: [chrony-dev] timepps.h and pps support in chrony

2015, Miroslav Lichvar wrote: On Tue, Apr 28, 2015 at 10:49:53AM -0700, Bill Unruh wrote: PPS support-- pps support is reliant on timepps.h being available in either /usr/include or /usr/include/sys (those are what are tested by configure), but the kernel people do not supply timepps.h. I vaguely

[chrony-dev] Re: permissions and chronyc

And now it works properly. Weird. Anyway, sorry for the false alarm. On Tue, 28 Apr 2015, Bill Unruh wrote: Sorry, wrong subject for this query on previous post. I am having very weird problems with chronyc on one of my machines. I installed 1.31.1 . Permissions on /etc/chrony.conf

[chrony-dev] permissions and chronyc

Sorry, wrong subject for this query on previous post. I am having very weird problems with chronyc on one of my machines. I installed 1.31.1 . Permissions on /etc/chrony.conf and /etc/chrony.keys are root.chrony rw-r- chrony.conf root.chrony rw-r- chrony.keys Now I would expect that

[chrony-dev] Re: timepps.h and pps support in chrony

I am having very weird problems with chronyc on one of my machines. I installed 1.31.1 . Permissions on /etc/chrony.conf and /etc/chrony.keys are root.chrony rw-r- chrony.conf root.chrony rw-r- chrony.keys Now I would expect that password in chronyc or chronyc -a would not work (

Re: [chrony-dev] tracking report when not connected to anything misleading

On Tue, 28 Apr 2015, Miroslav Lichvar wrote: On Mon, Apr 27, 2015 at 08:56:22AM -0700, Bill Unruh wrote: I am noticing a strange behaviour. Using server pool.ntp.org iburst in /etc/chrony.conf I get if I run chronyc and then sourcestats 210 Number of sources = 1 Name/IP Address

Re: [chrony-dev] Drop cmdmon authentication?

Oops forgot to say chrony-1.31 On Mon, 27 Apr 2015, Bill Unruh wrote: I am confused about the command key and the generatecommandkey command. I get 1 SHA HEX: followed by a stream of random digits ending with FEB14. But I now have no idea how to use this to control chronyd. If I enter

Re: [chrony-dev] Drop cmdmon authentication?

I am confused about the command key and the generatecommandkey command. I get 1 SHA HEX: followed by a stream of random digits ending with FEB14. But I now have no idea how to use this to control chronyd. If I enter the string HEX: I get "Reply not authenticated". Ie, I have no idea

[chrony-dev] tracking report when not connected to anything misleading

I am noticing a strange behaviour. Using server pool.ntp.org iburst in /etc/chrony.conf I get if I run chronyc and then sourcestats 210 Number of sources = 1 Name/IP AddressNP NR Span Frequency Freq Skew Offset Std Dev

Re: [chrony-dev] Drop cmdmon authentication?

On Mon, 13 Apr 2015, Miroslav Lichvar wrote: While I was dealing with the latest security bugs I wondered how useful these days it really is to have support for remote administration via authenticated cmdmon and if it's not just increasing the chronyd attack surface unnecessarily. Does anyone

Re: [chrony-dev] Fw: leap seconds correction

On Wed, 12 Feb 2014, Miroslav Lichvar wrote: On Wed, Feb 12, 2014 at 02:14:06AM +0100, Marek Behun wrote: http://www.ucolick.org/~sla/leapsecs/right+gps.html The last two paragraphs on that page imply that chrony smears the leap second, that's not true. Similarly to ntpd, it just tells the

Re: [chrony-dev] Fw: leap seconds correction

On Sun, 9 Feb 2014, Marek Behun wrote: Hi, I think there is a little misunderstanding here. I do not want to not use leap seconds. I fully understand why they are applied and how the systems work now. Again I suggest to read the first post at http://forums.gentoo.org/viewtopic-t-980486.html

Re: [chrony-dev] Fw: leap seconds correction

On Sun, 9 Feb 2014, Marek Behun wrote: Hello. I would like to see a new feature in chrony. In accordance to http://www.ucolick.org/~sla/leapsecs/right+gps.html , something like openrdate's -c flag: Correct leap seconds. Sometimes required when synchronizing to an NTP server. When

Re: [chrony-dev] GCC issue

You need the fprintf()<0 since fprintf almost always returns a non-zero number. Only if it is negative is it an error. I have no idea why the bitwise or would fail. On Tue, 21 Jan 2014, Miroslav Lichvar wrote: On Tue, Jan 21, 2014 at 11:25:09AM +0100, H�kan Johansson wrote: The second call

Re: [chrony-dev] Traffic amplification with chrony commands

On Fri, 17 Jan 2014, John Hasler wrote: Miroslav Lichvar writes: Hm, that's an interesting idea, to require password for all commands if it's not from localhost and keep it as it is for localhost. It wouldn't break compatibility and most of the users probably wouldn't even notice it. That's

Re: [chrony-dev] Traffic amplification with chrony commands

On Fri, 17 Jan 2014, Miroslav Lichvar wrote: On Fri, Jan 17, 2014 at 06:15:16PM +0100, H�kan Johansson wrote: With the information collection problem for an attacker above, it is probably so that also a much cheaper pseudo-random number generator could be used instead of MD5. Say that one

Re: [chrony-dev] Traffic amplification with chrony commands

On Fri, 17 Jan 2014, Miroslav Lichvar wrote: On Thu, Jan 16, 2014 at 07:50:33PM +0100, H�kan Johansson wrote: I would suggest what I think is called a nonce value. I think that's what ntpd uses with the new mrulist command. The advantage over the simple padding approach would be saved

Re: [chrony-dev] Traffic amplification with chrony commands

or remote chronyc are treated the same say, AFAIK. Also the above would require a fair amount of work to impliment properly. Cheers, H�kan On Thu, 16 Jan 2014, Miroslav Lichvar wrote: On Mon, Jan 13, 2014 at 03:13:44PM -0800, Bill Unruh wrote: > How is chrony on the amplification attacks l

[chrony-dev] Re: [chrony-users] Run chrony without acting as a NTP server

How is chrony on the amplification attacks like those against ntpd? As I understand it, the server queries can return far more information (ie many more bytes) than is in the query packet. This allows an attacker to send queries to ntpd with someone else's IP address in the slot, so ntpd will

Re: [chrony-dev] Poll adjust after long time unreachable?

On Mon, 19 Aug 2013, Miroslav Lichvar wrote: On Fri, Aug 16, 2013 at 11:07:04AM -0700, Bill Unruh wrote: On Fri, 16 Aug 2013, Miroslav Lichvar wrote: One reason for a larger number of missed polls might be overloaded server. If all clients dropped to minpoll immediately, it would only make

[chrony-dev] Poll adjust after long time unreachable?

I was just looking at adjust_poll in ntp_core.c and am confused by some of the lines there. } else if (inst->local_poll > inst->maxpoll) { inst->local_poll = inst->maxpoll; inst->poll_score = 1.0; } So if local_poll is larger that maxpoll, it is clamped to maxpoll, but poll_score is

Re: [chrony-dev] Chrony-1.28-pre1 released

On Mon, 1 Jul 2013, Miroslav Lichvar wrote: On Mon, Jun 24, 2013 at 04:33:14AM -0700, Bill Unruh wrote: A few corrections needed in chrony.spec a)It does not seem to like the - in -pre1. It should probably be replaced with _pre1. Ie, the package should be renames to chrony-1.28_pre1 rather

Re: [chrony-dev] Bug -- interaction between ntpdate and chronyd at bootup -- will never sync up

On Tue, 5 Feb 2013, ray vantassle wrote: Weird. Maybe you should have chrony come up before then, which would block the port for ntpdate. I just tested that. Ntpdate works just fine while chrony is running. There is no "port to block". Ntpdate doesn't listen on any port, it only establishes

Re: [chrony-dev] Bug -- interaction between ntpdate and chronyd at bootup -- will never sync up

You could just start chrony earlier and as you say, tell it to do a makestep if the time is way off. I can certainly see why chrony gets totally confused if it thinks that the clock rate is out by over 90 PPM. Perhaps it should just exit at that point. It is not clear what a reasonable

Re: [chrony-dev] Bug -- interaction between ntpdate and chronyd at bootup -- will never sync up

On Sun, 3 Feb 2013, ray vantassle wrote: Debian system, without a RTC. So at bootup the time is zero. At startup, 32 seconds into startup, /etc/network/if-up.d/ntpdate invokes ntpdate-debian, which starts a ntpdate which takes about 14 seconds to finish. So why are you using ntpdate?

Re: [chrony-dev] Chrony stuck in an endless loop

It seems that the only place that the RGR_FindBestRobustRegression is used in in rtc.c and manual.c It seems that it is estimating the standard deviation of slope and getting essentially zero for that, which gives a tiny value for incr. Perhaps the lines setting incr could be changed to if

[chrony-dev] chrony as reference?

Is there some way of telling chrony to use certain sources not as candidates for the selected sever but rather simply as references? Ie, chony queries ths sources as usual, and goes through all the calculations, but then does not use it as a selected source even if it usually would? Ie,

Re: [chrony-dev] Slow bootup with git

On Wed, 25 Apr 2012, Håkan Johansson wrote: On Wed, 25 Apr 2012, Bill Unruh wrote: On Wed, 25 Apr 2012, Ed W wrote: > On 24/04/2012 11:17, Miroslav Lichvar wrote: > > On Tue, Apr 17, 2012 at 09:07:08AM -0700, Bill Unruh wrote: > > > Mind you the rtc should not

Re: [chrony-dev] Slow bootup with git

On Wed, 25 Apr 2012, Ed W wrote: On 24/04/2012 11:17, Miroslav Lichvar wrote: On Tue, Apr 17, 2012 at 09:07:08AM -0700, Bill Unruh wrote: > Mind you the rtc should not take 8 sec to read (it will take a couple, > so > perhaps most of that time is chrony starting up), so it is

Re: [chrony-dev] Slow bootup with git

On Mon, 23 Apr 2012, Ed W wrote: On 17/04/2012 17:07, Bill Unruh wrote: Why not do the hwclock stuff (it is not clear to me that the hwclock is not more accurate than chrony at estimating the rate error of the rtc nowadays) I wanted to make use of the estimated drift feature of chrony

Re: [chrony-dev] Running chronyd without syncing system clock

On Fri, 24 Feb 2012, Leo Baltus wrote: I am not saying that multiple processes should serve a single clock. Let me try some good old ascii art: uplink local nets pool --- ntp-only-server1 --- ntp-client ntp-only-server2 ---

Re: [chrony-dev] Running chronyd without syncing system clock

On Thu, 23 Feb 2012, Ed W wrote: On 23/02/2012 08:24, Leo Baltus wrote: Op 22/02/2012 om 23:07:51 +, schreef Ed W: In our setup we do not like to pin a service to a specific piece of hardware. If, for some reason, a service should run elsewhere we just stop it en start it elsewhere.

Re: [chrony-dev] automatic RTC trimming

On Wed, 15 Feb 2012, Miroslav Lichvar wrote: On Tue, Feb 14, 2012 at 09:37:35AM -0800, Bill Unruh wrote: On Mon, 13 Feb 2012, Miroslav Lichvar wrote: - track long-term drift: always keep a maximum number of samples (disable the runs test), increase the maximum measurement interval or do RTC

Re: [chrony-dev] automatic RTC trimming

On Mon, 13 Feb 2012, Miroslav Lichvar wrote: It seems some Linux distributions no longer call hwclock --systohc on shutdown (e.g. Fedora with systemd as init), so I'm wondering if it would be possible to use the -s option by default and also have some automatic RTC trimming to keep it

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 1.26-31-g19b3c5b

On Fri, 3 Feb 2012, Miroslav Lichvar wrote: On Fri, Feb 03, 2012 at 08:59:09AM -0800, Bill Unruh wrote: On Fri, 3 Feb 2012, Miroslav Lichvar wrote: Let me know if you think there are other useful values that should be added. Also, I'm wondering if it would be a good idea to show "S

[chrony-dev] timepps.h and chrony

Perhaps it would be a good idea to include the file timepps.h into the chrony source files, and use it instead of the one that is supposed to be in /usr/include. a)It seems on a variety of systems, timepps.h is in a variety of places (eg /usr/include/linux instead of /usr/include where chrony

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 1.26-26-g9a01ccc

is the typical time scale over which chrony keeps the data to fit the linear regression to? What is the polling period? On Tue, 15 Nov 2011, Miroslav Lichvar wrote: On Tue, Nov 15, 2011 at 10:32:28AM -0800, Bill Unruh wrote: The graphs of the clock offset now look much nicer too: http

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 1.26-26-g9a01ccc

On Tue, 15 Nov 2011, Miroslav Lichvar wrote: On Tue, Nov 15, 2011 at 06:55:18PM +0100, g...@tuxfamily.net wrote: Add corrtimeratio directive The corrtimeratio directive controls the ratio between the duration in which the clock is slewed for an average correction according to

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 1.26-26-g9a01ccc

I am a bit confused both about the reason for and the details of this alteration. chrony determines both the offset error and the frequency error. It corrects the frequency error immediately, and then adjusts the frequency to eliminate the offset error. I am not sure what the reason is behind

Re: [chrony-dev] Support for another crypto hash?

On Mon, 7 Nov 2011, Ed W wrote: On 07/11/2011 12:57, Miroslav Lichvar wrote: On Sat, Nov 05, 2011 at 04:39:10PM +, Ed W wrote: Hi I couldn't find a specification for the extended format. I think it's RFC2307. However, I am slightly confused on where it's implemented. I think glibc

Re: [chrony-dev] Question / Feature suggestion - trimrtc on start?

On Mon, 25 Jul 2011, Miroslav Lichvar wrote: On Fri, Jul 22, 2011 at 04:40:58PM +0100, Ed W wrote: Wouldn't it be better to make the step as early in the boot as possible and not care about its size? Definitely. Actually I can easily adjust my boot scripts to run chrony instead of hwclock -

Re: [chrony-dev] Question / Feature suggestion - trimrtc on start?

On Wed, 20 Jul 2011, Ed W wrote: Possibly more succinctly: a) I want to step rtc to track real time (since it's entwined with booting) You could do the 11 min mode. That would mean that the offset was always very very close to zero when the device is switched off, but the rate is unknown.

Re: [chrony-dev] Question / Feature suggestion - trimrtc on start?

On Wed, 20 Jul 2011, Miroslav Lichvar wrote: On Wed, Jul 20, 2011 at 05:24:35AM -0700, Bill Unruh wrote: trimrtc is supposed to occur such that the algorithm to determine the rtc drift rate compensates for the change in rtc caused by the trinrtc (all entries in the prior rtc measurement table

Re: [chrony-dev] Question / Feature suggestion - trimrtc on start?

On Wed, 20 Jul 2011, Ed W wrote: Hi, a good repost, but... Thus calling trinrtc at anytime while running should not make a difference. But doing it on bootup seems not a good idea. The system time is not good then. I'm not seeing why it makes a difference what the system time is at this

Re: [chrony-dev] [GIT] chrony/chrony.git branch, master, updated. 1.25-pre1-18-g20a4340

On Fri, 15 Apr 2011, Miroslav Lichvar wrote: On Fri, Apr 15, 2011 at 05:30:28AM -0700, Bill Unruh wrote: The problem with using the unweighted variance is that it sort of obviates the use of the weights. It does, but it's used only for the weight calculation. Not sure what you mean

  1   2   >