Comment Re:Protocol vs software that implements it (Score 1) 287
The summary makes the mistake of conflating the NTP protocol with the messy NTP software developed by ntp.org.
.
Hopefully the ntp.org software fades away.
However, the Network Time Protocol should live on in more secure and more easily maintained implementations (e.g., NTimed and OpenNTPd).
Except that there is not one other fully-featured NTP client/server software system that I know of.
Half of the so called "NTP clients" are really S-NTP clients (Simple NTP) that are barely if at all better than using the ancient BSD rdate command to jerk the time forward or back (whichever is needed) in a discontinuous fashion, that can cause gaps in logs, missing time-based trigger events from being fired, and other well-known woes.
As far as I know PHK doesn't pretend that Ntimed is finished or fully functional. As far as I know it also doesn't pretend to support a large amount of "legacy" systems that still exist within companies networks, even if the vendor(s) disappeared 20 years ago in some cases. OpenNTPd is a pure network client/server system that AFAIK does not support external or master references (i.e. Cesium clocks or GPS modules) so while it may serve the purpose for a large number of users, it still depends on the continued operation of NTP.org's NTP software which is the de facto evolution of David Mill's reference implementation that was not intended to be a global or even enterprise-grade critical infrastructure project, but his research implementation as he, his colleagues, and students researched time synchronization.
Some of NTPd's problem are that a) it has been maintained in a hap-hazarded fashion for 15 years longer than it should have been. b) any system where a single individual is critical or irreplaceable is broken. c) NTPd has been weak in release management / engineering for a long time now, and Stenn's ad-hoc approach hasn't done much to make the work easier for himself. I admit I had not realised that the software project, NTPd, has fallen into depending on a single person. I fact I thought the ISC (Internet Systems Consortium, the group that also maintain BIND, the most common Unix DNS server on the Internet) partnership was more than a means of managing payment and offering a few servers, I thought it was intended to take NTPd, like BIND, and make it into a healthy development community, revitalize the documentation, and share expertise in maintaining a critical infrastructure scale project Open Source of Free Software ecosystem.
The most important yet non-technical solution is for Harlan Stenn to extract himself from being a critical piece of the NTPd software development and release process. IMHO he should focus 100% of his time on mentoring others to take over the various roles he is currently doing himself, and documenting the not so obvious knowledge about the protocol, its implementation, and the history surrounding pieces of code, to preserve his own knowledge, and what he can of David Mill's knowledge that isn't currently enshrined in Mill's papers and technical notes.
Perhaps like OpenBSD that had to learn the hard way many years ago, companies can be leery (wisely from a legal point of view) of funding a seemingly one-man controlled Open Source project. Legally it may open up the possibility of being considered illegally hiring an employee in some jurisdictions ("perma-temps" or "consultants as de facto employees"), as it serves to primarily fund ongoing work that does benefit the sponsor either for their in-house or their product/service offerings.
I have no ill feelings for or any dislike of Harlan Stenn. In fact I suspect he has unwittingly painted himself into a corner, and is now approaching the breaking point. And I believe the solution is radical, but not necessarily financially or technically challenging.