[182194] in North American Network Operators' Group
Re: NTP versions in production use?
daemon@ATHENA.MIT.EDU (Harlan Stenn)
Sun Jul 12 18:24:10 2015
X-Original-To: nanog@nanog.org
To: nanog@nanog.org
From: Harlan Stenn <stenn@nwtime.org>
Date: Sun, 12 Jul 2015 15:23:58 -0700
In-Reply-To: <106318.1436725872@turing-police.cc.vt.edu>
Errors-To: nanog-bounces@nanog.org
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--N6vA5tX248QROjREMGG47dxLTW78frLxF
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable
On 7/12/15 11:31 AM, Valdis.Kletnieks@vt.edu wrote:
> On Sun, 12 Jul 2015 10:15:20 -0400, "Mike O'Connor" said:
>=20
>> :Thanks, and I'm kinda stunned that folks are running such ancient
>> :versions of NTP.
>>
>> I suggest you get accustomed to being stunned.
>=20
> He obviously didn't see my post a few weeks back about hosts that were
> looking for an NTP server that went out of service back in 1999. And ye=
s,
> some were still using NTP v1 and v2.
>=20
> There's a *lot* of stuff on very serious autopilot out there....
I did see it, and I was assuming it was a "local" configuration problem.
This is "death by 1,000 cuts" and when I wrote my recent query I was
looking for the big offenders.
To me this situation goes hand-in-hand with the problems getting bcp38
deployed, and what Dan Geer talked about in his keynote speech at Black
Hat 2014:
http://www.youtube.com/watch?v=3DnT-TGvYOBpI
I get that some folks have real problems with their build systems and
it's hard to upgrade software tools in that environment. I know it's
can be expensive to solve that problem. I'd love to find a way to have
the "versioned tool chain" stuff that I implemented at Cisco/Andiamo be
generally available, but I haven't found that many folks willing to
support it yet and I just don't have the spare cycles to add that to my
"do it for free" pile.
I do know that if more companies were to use this sort of tool that the
argument of "we can't patch older releases because we don't have those
tools anymore and the Q/A process becomes horribly expensive" goes
away. And that also means that it's far less expensive and therefore
far more profitable to offer maintenance support on older software
releases for much longer periods of time. But I must be missing
something here as well, as I was never able to make headway with this
idea when I was at Cisco.
--=20
Harlan Stenn <stenn@nwtime.org>
http://networktimefoundation.org - be a member!
--N6vA5tX248QROjREMGG47dxLTW78frLxF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQGcBAEBCAAGBQJVoukFAAoJEN8JD8bnb/w/RKcL/2MJZXaisa8KBZdzyzhQPbUs
y3t4KiODfpWXzmE6YIg+auH/pYxtmgYwcGAciB1XyzdJ6zS3irUT3Smacw5OIaGG
i61xBJ7GmQPUPM2szFWSOu8GRq4MaGdPYAWTI1uFWmc+OFnIhYf7asNStYU53tOl
ySqWhrNrUQrODCF45Q/SRWfWj1MBJI0u72S1F9PsmLlTQSaPPwROcvDWQOZA4d24
mn0LwTe79UIqPlGwV+hou4z1qGnALZO2LVFjx3QPk3UjoZ0/I/trS230QGfrjeTO
SHTUaB0hTw3SeomDgDDo9PXYg7bYD0jToRqESRK8h14QRss1JsTJvmq66QqopH7p
zilNzOFm4d/t4w9qNbdp2Vi5lqy3Wb7raCmyjpN/2VHkXTS4USYhLdtQAPQhIUwg
UaTeSncCJLjTT3JMMU4dDry8m4oL0jTEqZ7B8/fwbawGLZpOmoAkYYQahQ+yRSfY
6Pwb19TTcZth50AxdErg+nvDfKfL2aQVlka/xHDeoA==
=Xoo/
-----END PGP SIGNATURE-----
--N6vA5tX248QROjREMGG47dxLTW78frLxF--
