This was submitted with a title that doesn’t match the page and is not even accurste (Please donate to keep Network Time Protocol up) is not correct. This donation page is not for the public NTP pool. It’s for the NTP Project organization and their web page.
All of the angry comments from people who think NTP will stop working if the donation bar doesn’t get to $1000 are misinformed. Also note that the bar isn’t updating. It’s been stuck at $365 for myself and others despite donations coming in.
Not sure what happened here—the submitter is a good contributor, so most likely it was a simple misunderstanding—but yeah, the title shouldn't have been editorialized (https://news.ycombinator.com/newsguidelines.html).
Yes, it’s updating now. Ctrl-F this thread and search for ‘365’ and you’ll see that it was not changing for several hours despite donations rolling in.
Rather than money one can donate NTP servers to the pool. [1] It can be a fun learning exercise in setting up a stable stratum-2 time server. One can create graphs from the optional logs.
Why bother? Many of the rabbit holes one could venture down in learning to set up a stable time server can also benefit application servers in terms of latency, responsiveness, learning how to get clients to share resources and so much more. Rather than trying to find cooperative stratum-1 servers, one can start by using each of the Google, Facebook and Apple public stratum-1 servers [2] to get started. They get beat up a lot but most of them are stable most of the time.
Ask your favorite LLM how to set up a public NTP server using NTPD or Chrony. For extra credit play with each of them.
One of the really nifty things about having a stratum-1 time server on-site (because... reasons) is those graphs. You can very readily see the subtle temperature-dependence of timing crystals. At the facility I was at there was a large cycle every day during the week and then smaller cycle on each weekend day. Our HVAC system didn't heat/cool the building as much on the weekend when no one was there so the temperature swing -> frequency swing was smaller.
Really drives home one of my favourite half-jokes: every sensor is a temperature sensor; some of them measure other things too.
Yep, I encourage everyone to do this (though don't ask an LLM, actually put effort into learning). It's easy and cheap to do. I have been running a server in the NTP pool on a Digital Ocean droplet for years now, costs me only $6 a month.
The people who learn to use LLMs effectively for learning will outcompete you handily. You understand that, right? Tool use is an important skill, arguably among the most important ones we have evolved.
We ran a public NTP server for many years. Then, details hazy, but I think there was a UDP amplification vulnerability that was exploited which upset our transit provider so we took it down. Might be fun to try again though.
A fully-patched NTP server should be fine. A lot of tier-2 ISPs were treating their NTP servers as abandonware that never got updates, so they ended up being ripe for UDP amplification attacks, but that was a vulnerability in ancient software, not the protocol.
The reference implementation, while historically important, has largely been displaced by more secure/performant implementations (ntpsec, chrony), or by in-house implementations (Amazon, Google).
Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.
> Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.
It should be noted that there currently exists no standard, technical or statutory, for how to do leap smearing. If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.
Though the flag simply says that the timescale is smeared and not (AFAICT) how it is being done.
See also perhaps RFC 8633 § 2.7.1:
[…]
Operators who have legal obligations or other strong requirements to
be synchronized with UTC or civil time SHOULD NOT use leap smearing
because the distributed time cannot be guaranteed to be traceable to
UTC during the smear interval.
[…]
Any use of leap-smearing servers should be limited to within a
single, well-controlled environment. Leap smearing MUST NOT be used
for public-facing NTP servers, as they will disagree with non-
smearing servers (as well as UTC) during the leap smear interval, and
there is no standardized way for a client to detect that a server is
using leap smearing. However, be aware that some public-facing
servers may be configured this way in spite of this guidance.
>If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.
TAI (Temps Atomique International), is UTC without leap seconds and is the source of truth for "what time is it"
I'm finding conflicting reports of being able to actually use TAI on linux but there are several claims of at least specialty setups existing. You would absolutely not want smearing or anything like that in your time synchronization software in this case.
Kind of. If you “absolutely must” have monotonic time, though, and also care about NTP, then just pointing to TAI (in DJB’s naïve definition) or GPS time is not enough. You need to make decisions on whether you, for example, would prefer your imprecise seconds to be more even individually or for the aggregate count to be more accurate (NTP of course gets you the latter by default). Dear Sir[1], you have done metrology.
The major Linux distributions replaced ntp with ntpsec. A better question would be who is still running ntp. I know about FreeBSD and NetBSD.
ntpsec as a project seems to be doing ok. They are releasing new versions, fix reported issues, accept patches, and develop the code publicly. While ntp still has a huge list of acknowledged but unfixed CVEs.
Current Debian, Ubuntu, Fedora, RHEL/CentOS (EPEL) have an ntpsec package, but no ntp package. It's not used by default (that's chrony on most of the distributions), but the users can install it and use it.
It's not the issue of using the project, to my mind.
It is not even his beliefs, though many of them are — to my ears and hopefully to most — quite repugnant.
It is his attitude, approach, and at various times the kinds of people he attracts.
As it goes, I've seen him speak, back in the 90s, CatB era. He was genial enough but he seemed to have a coterie around him of rather less pleasant people. It could just have been a bad day but it has stuck in my mind ever since: it was the first time I understood that there's not really any sort of inclsive geek community.
I figured they would be funded by NIST, but the way the US government has been pulling back funding for everything, it didn't surprise me that they need money. Much like Jimmy Wales, I bet if everyone donated 5 bucks they'd be in a much better spot.
Accurate timekeeping is critical infrastructure. So much so, that the US government operates many radio stations whose sole purpose is to provide current time announcements, reference clocks, and other timekeeping-related information. See [0].
Relatedly: surely you're not of the opinion that the various GPS constellations are not critical infrastructure?
It's telling that we can appropriate millions of dollars to transport a decommissioned shuttle from a museum in Virginia to Texas, but NASA can't pitch in the cost of one tank of diesel to the people maintaining what this article claims to be a mission-critical tool?
> The NTP Project conducts Research and Development in NTP, a protocol designed to synchronize the clocks of computers over a network to a common timebase.
Research is put front and centre in their pitch for funding.
This is probably research into protocol for time sync. Which works well for some scenarios, but not yet for others and can improve the reference implementation (I guess; I have no hard knowledge there).
And given that ntp.org runs servers that so many organizations use they should be near the top of the funding queue for any NTP research. My 2c.
Don’t think you deserve these downvotes. That was my reaction too. Perhaps they’re coming from people who believe that the money is to support running of time servers (which, to be fair, “Please donate to keep the Network Time Protocol up” certainly implies…)
I too would be interested in knowing what the Network Time Foundation is researching, and I think conversation about that is appropriate here. NTP certainly _seems_ like it’s been ‘good enough’ for decades to an uninformed observer, and discussing if and why it’s not would be interesting (and perhaps motivate donations!)
The big companies have their own NTP pools and even implementations.
You can use the public Google or AWS pools if you want. Note that they have their own software, too, so be sure you understand the differences like leap smearing.
Blocking FAANG IPs from the NTP Foundation’s pools wouldn’t hurt FAANG at all. It would only hurt people who weren’t aware and used the NTP Foundation’s pool for things.
Not really. The biggest drain on resources historically has come from things like routers that have fixed NTP servers hardcoded in the firmware and every customer ends up using just that one without even knowing they're contributing to the problem. They also can't be blocked as the requests could come from anywhere.
But..it's $1k. This is basically pocket change on an institutional level. I've been part of some very scrappy and poorly funded community organizations and even they took in more than $1k every year. Even if you don't believe NTP maintainers should be paid anything for their work (an opinion I don't hold), it's trivial to spend this amount on modest everyday expenses like renting a venue a couple of times, buying insurance, and paying for hosting and technical resources.
It looks like they took in more than $200k and spent $100k on "contract services" (I can't tell what that means) and somewhat modest amounts on other things. Unfortunately I need to exit the rabbit hole now.
It seems a big waste of effort to maintain -say- a damnable Trello board with upcoming priorities and roadmaps <strike>and Kickstarter stretch goals</strike> when their bug tracker and mailing list are visible to the public. (Though, it seems that they've recently put the list behind some broken moderation software, so you have to go to -say- the IETF's archive of the thing to read it. "AI" crawlers ruin everything.)
EDIT: Do note that that tax return you found is for the Network Time Foundation, not the NTP Project. I don't know if the two are separate entities for tax purposes, but do note that the NTF supports several projects, of which the NTP Project is one. The NTP Project is just for NTP.
It doesn't explain why they need the money "we need the money to continue doing what we are doing" means nothing unless they also explain what they are doing and why it matters.
Thankfully, that's also on the front page:
What they are doing:
> The NTP Project produces an open source Reference Implementation of the NTP standard, maintains the implementation Documentation, and develops the protocol and algorithmic standard that is used to communicate time between systems
And why it matters:
> NTP is what ensures the reliability of billions of devices around the world, under the sea, and even in space
Now, it doesn't explain why a reference implementation is a good thing, but I think that at this point, you have a good enough idea to decide if you want to donate or not.
Edit: However, $1000 seems too low to matter. It may not even pay for the expense of the fundraising itself. I think it is more of an awareness campaign: "look at the protocol we all use, you would think we are talking many millions of dollars, but the truth is, you are off by orders of magnitude"
Yeah the ntpsec story, not great. I don't believe they're taken especially seriously. There are people close to Harlan Stenn who believe the project is essentially fraudulent.
It’s fairly limited: taking over maintenance for popmail or forking NTPSec certainly isn’t nothing but his reputation is built on the Cathedral and Bazaar essay getting attention at the right time in the 90s when open source was really taking off and his subsequent OSI work. I’d wager that an order of magnitude more people heard about fetchmail from his writing rather than the other way around.
That’s not to say that his open source projects aren’t useful, only that there are thousands of other developers who’ve done work of similar scale and adoption.
An ntpd-rs contributor elsewhere in the thread suggests ntpsec is used by many distributions, and suggests donating to ntpsec (amongst some other organisations).
I'm not sure why they'd try so hard to keep bots from paying them anyway. If someone wants to write a bot that constantly pays me good money I'm fine with that. I might rate limit it if the stream of payments coming in can't cover the cost of keeping the server from being DoS'd, but that's not going to inconvenience a human trying to submit a payment one time.
Bots use sites like this to validate lists of stolen cards with low dollar donations to validate the cards before using them on the target site. Without some one of protection sites like these are quickly flooded with fraudulent transactions and then fined and shut down by Visa and Mastercard.
This sounds like a problem where cryptocurrency could actually be the solution. Next time I want to make a charitable donation I will ask for an XMR address to preserve my privacy and work around commercial payment processor issues.
I agree, and I am still pointing to the collapse of society, not civilization. My infrastructure is local. If local society collapses, what reason do people have to maintain transmission and distribution lines and electrical substations, to work at power plants, to maintain fiber optic or copper lines for internet connectivity?
Even if "the internet" as a whole is still around, the inability for someone to connect to and to use it means cryptocurrency is similarly useless.
If you have small payments that can be made by bots easily, then your service can be used by thieves as an oracle to determine which of their stolen credit card numbers still work. Then you get lots of chargebacks to deal with.
I really hope that the sole reason that michaelt concluded this is simply due on not having any experience how to manage credit card payments (on merchant's side).
For those who does not handle these things: I am not sure on what processor Network Time Foundation is using, but Stripe's $15 fee is actually on the low side of chargebacks (some processors even use the fixed fee + percentage model). Worse, this is unconditional: if you somehow won this, you won't get the chargeback fee.
That's because the bots will use such services to 'taste' cards to see if they work. Then if they do the criminals can resell them for a higher value than for which they bought them for.
I had similar trouble, back when I tried to donate to the Internet archive. Donation box would simply not let me donate. I even wrote them an e-mail and nothing changed half a year later, so I gave up.
Too bad that good projects mess their donations up by doing web BS.
I wish when accepting donations, websites would stop caching the total collected amount or give it a super short TTL. I like to see the little progress bar get closer to the goal thanks to my couple of bucks.
Absolutely shameful that this project - and many, many others that underpin trillion-dollar tech company valuations - aren’t fully funded already by the major consumers.
I’d like to see more projects do a breakdown of total yearly costs (including contributor compensation!), how much existing sponsorships from companies actually cover, and what number they’d need to operate properly (with full-time, paid contributors).
I'm not so sure, becoming dependent on corporate funding means importing corporate policy. Is it really necessary for a DEI policy being required to appear on ntp.org, or perhaps the sudden advocacy of some proprietary protocol crapware pushed into public use from out of nowhere? That's pretty much what tends to happen
Of course the same thing happens in reverse (see recent python.org refusal to accept federal funding)
Not gonna lie, you had me going in the first sentence and then betrayed your position with:
> Is it really necessary for a DEI policy being required to appear…?
So ignoring the, well, ignorance of the remainder of your statement, it’s worth pointing out that these entities already publish mission statements, community/contributor guidelines, and a raft of other documentation that governs how they intend to operate as a way of greasing the wheels of operations. Policies are the norm, not the exception, because they dictate the rules of engagement.
So yeah, I’m all for groups making clear what they do and do not find acceptable. Transparency is a good thing, be it in code (open source), accounting, policy, or governance. And if more groups opened up their books and laid bare their operations, it’d be easier to tie their outcomes to industrial and governmental bad actors (like AWS, Google, Microsoft, Apple, etc) that fail to substantially support these technologies, or demand favors or policy changes in exchange for basic funding.
Ideally? Orgs that use open source tech in their products ought to chip in a fixed percentage to ongoing support of that project. If an entity like AWS chipped in, say, 0.01% of revenue from every service that used NTP, then the NTP organization almost certainly wouldn’t require additional funding.
Did I trigger you by picking DEI as an example? You can find a million alternatives from e.g. the Firefox<->Google relationship. No need to start name calling or whatnot
Are you confusing the NTP Foundation (the group asking for donations) with NTP the protocol or the NTP software itself?
This donation request isn’t even for the public NTP pool. Read the donation page carefully.
The big companies you’re angry at are neither dependent upon nor leeching from this group. They run their own NTP infrastructure, which in some cases has their own developments and adjustments.
Google’s, for example, uses time-smearing to handle leaps. This is different than the standard and therefore you shouldn’t mix Google’s leap-smearing NTP system with NTP servers that don’t leap smear.
> Let it fail and see what happens.
This is a real “cut off your nose to spite your face” moment, but worse: Those public companies don’t depend on any of this. They provide their own server pools and in some cases develop their own software with their own advancements. Cheering for the NTP Foundation to fail because you think it will hurt big companies is very uninformed.
It would hurt the big companies though because the employees of those big companies rely on Ntp. It may not directly impact them but it’s better than letting them continue to rake in billions and then never support the core foundational tech.
Maybe letting Ntp fail will wake up some of the employees of other companies to the absolute sad state of the software world.
> Maybe letting Ntp fail will wake up some of the employees of other companies to the absolute sad state of the software world.
Big companies run their own NTP servers (which you can use for free) and do not use the reference implantation.
There is nothing to “fail” in this project which would cause big companies to have infrastructure problems.
The saddest state of the software world is that some people here have convinced themselves to cheer for this project to fail because they don’t understand that big companies do not depend on this project that is asking for donations.
> Google’s, for example, uses time-smearing to handle leaps. This is different than the standard and therefore you shouldn’t mix Google’s leap-smearing NTP system with NTP servers that don’t leap smear.
So we can use or not?
If we can then well good, then there will be no problem then if the funding fails.
> If we can then well good, then there will be no problem then if the funding fails
The funding is not for the NTP servers or pools. Please read the actual page and all of the comments trying to explain that the HN title is a lie. NTP will not “go down” if this project fails.
You can use Google or Amazon’s NTP servers if you’d like. Just be aware of how they represent leap seconds differently.
You’re just validating my reasons to not donate which is what this discussion is about. It’s not about the way Ntp specifically works or what the money will go to. My reasons for not donating are that bad acting corpos have destroyed any reason or trust to support these smaller outfits whether directly impactful or not.
100% true, but they shouldn't have to. If FAANG is using it, they should fund it. I don't want to work in a culture where the employees pay for the corporations' tools.
I’m sick of having to pay for my own tools to do my job at your company. Either find a way to build using free tools or fork up the license for that Visual Studio Ultimate or IntelliJ Idea Ultimate license. Pay for your database vendor. Your corporate IdP. Why not $300/yr for a high value output employee?
We have a price for the total infrastructure spend per dev, and that includes things like AWS prices and all of the tooling like jira and github.
But you absolutely shouldn't have to pay for your own tools. (That said, blue collar people often have to, unlike us, and that's also awful.) But also, it's their productivity. If you are all laboring under the same constraints, it's their choice to make if they care about your productivity.
Yeah, sure, but in many places (for example in my country) they do not work for a company. They are not even legally working for themselves. You call them, they do the job, then ask for money. That's it. I think this is illegal though, but happens a lot when it comes to anything handyman-ish.
My brother is a plumber and his company reimbursed him for every tool he has bought for the job. After 5 years, he started his own plumbing business and he supplies all the tools, trucks, benefits, contracts, and customer support for his employees in the field. For what it’s worth.
That's actually decent. Too often you're stuck with whatever gear your shop uses - Bosch, Hilti, Makita are the most common power tools here in Germany. It makes sense for the penny pinchers who purchase on volume and get discounts, but chances are high it ends up pissing off the employees rather sooner than later.
FYI the big companies provide their own NTP servers and pools. You can use them if you’d like.
They also don’t use the reference implementation (which is maintained by the group this donation is for). Your distros and software probably doesn’t use it either.
The commenter above who thinks shutting down the NTP Foundation will hurt FAANG because they “leech” off of NTP Foundation is completely uninformed.
This seems incredibly unlikely. They all want clients to have accurate time, because it underpins things like sessions and TLS certs. It would also almost certainly be trivial to proxy back to regular NTP.
Even if the NTP pool somehow died, all it takes to make your own Stratum 1 NTP service is a GPS chip. An old phone probably makes a great small-scale NTP server, or an ESP32 with a GPS chip attached. 20 years ago it would have required exotic parts, but they're mundane, cheap and omnipresent these days.
Not only that, but the owners of big companies are actively lobbying to pay even less taxes. They are ideologically opposed to supporting public benefit projects.
This raises a lot of questions. Did they actually ask for money to these big companies? Did they get rejected?
Another approach could be to move this under the umbrella of any of the other OSS foundations. I can imagine the Linux Foundation would be a good place. Well funded, already has most of the stakeholders involved, and this clearly falls in their scope of interest at least. It would not surprise me if that wasn't discussed at some point.
This smells a bit like something that might be more complicated than it looks.
I'd happily donate to NTP if and only if AI companies are barred from using free software like this in the future via the sw license. I don't WANT to be part of this internet that's hostile and exploitative towards users anymore.
Something like money to the endowment from the big corp, then would be recipients petition the endowment for ongoing funding, some board decides based on a set of open protocols...
Because honestly I've seen this a bit recently - major infrastructure projects looking for effectively pocket change; a couple thousand.
They shouldn't ever have to beg for money, this is stupid.
Ideologically pure, but for all practical purposes miserly. Trillion dollar companies are very hard to move that way and very unlikely to take the first step. We need a "Foundational Software and Services" fund that says very nice things about each donor and spends 100$ on publicity for every 1$ to software to even get them to start looking, I bet.
Donate some time: Ask your boss if their company could chip?
Not sure why this comment is being downvoted. The trillion dollar companies not only run their own NTP servers but provide free public access to their pools
You don't need to be dependent on trillion dollar time companies to get an extremely accurate time source. Just get your own GPS receiver that supports timing output. You can get an GPS-based NTP server for pretty cheap.
I've had an inexpensive GPS antenna "puck" on my roof attached to a 2nd or 3rd gen raspberry pi inside, providing accurate time to my home for over a decade. This is a sub-$100 project and very fun.
I agree with you in this, I donate to a few Open Source Projects, I really cannot afford to donate to one that multi-billon $ companies use for free.
For example, OpenSSH. Used everywhere yet IBM gives a big fat 0 to that project even though OpenSSH is even used in AIX. Even though I love to complain about Microsoft, M/S does donate a decent amount to OpenSSH via OpenBSD, so M/S gets my respect for doing that.
Time companies like IBM steps up and give, if not, we are back to playing with CMOS date/time. Which is how things were when I started programing at a large company decades ago.
Looks like the first $1000 goal is specifically for maintaining to he NTP website and maybe developers? While the other is a broader goal for the foundation
It's mostly run by one guy with very limited time. On their forum, I've seen one vendor repeatedly asking for the vendor prefix for three years, only getting the response once, and never actually receiving the prefix.
As someone working on an NTP implementation (specifically ntpd-rs) I have to add some context to this: I do believe that donating to the Network Time Foundation is fine, but it is not required to keep the Network Time Protocol up in any way.
Firstly, the most important reason the ntp.org domain name is so well known is because of the NTP pool, which is an entirely separate project (the Network Time Foundation calls it an associated project), which was allowed to use the `pool.ntp.org` domain name, but does not directly receive significant funding from the Network Time Foundation as far as I understand (I do not know the details of the domain name arrangement). That pool project was developed independently of the Network Time Foundation and is run by a different group of volunteers, mostly being developed and maintained by Ask Bjørn Hansen and hosting servers entirely consisting of (sometimes professional) volunteer operators. This is what many NTP implementations, specifically many Linux distributions, use as their standard source of time. But it does not appear to depend much on the Network Time Foundation for continued existence.
Secondly, despite all the claims made on the Network Time Foundation site, the IETF took over development and maintenance of the NTP protocol for something like two decades now already under the NTP working group. This was all done with the Network Time Foundation fully agreeing this was the way forward. But for some reason they still consider themselves exempted from any process that the IETF uses and consider themselves as the true developers of the protocol. They constantly frustrate the processes that the IETF uses, claiming that they should receive special treatment as being the 'reference implementation'. Meanwhile, the IETF NTP WG does not have a concept of the reference implementation at all, instead considering all NTP implementations equal.
Aside from this frustrating stance, the Network Time Foundation also didn't do much work on trying to forward the standard at all, instead relying on the status quo from the late 90s and early 2000s. Meanwhile the IETF NTP WG worked on standardizing a way to secure NTP traffic (with regular NTP traffic being relatively easy to man in the middle, with older implementations even being so predictable that faking responses didn't even need reading the requests). That much more secure standard, NTS, was fully standardized in September of 2020, but the Network Time Foundation continues to not implement this standard. All of this has resulted in almost every Linux distribution that I know of replacing their ntpd implementation with NTPsec (with ntpd not even being available as an alternative anymore for installation).
Meanwhile people also started working on NTPv5, in order to remove some of the unsafe and badly defined parts of the standard, and in general bring the spec back up to date. As part of this process, it was decided some time ago that in contrast to the previous NTP standards, the algorithms specifying what a client should do in order to synchronize the time should be removed from the standard (the algorithms specified in the previous standards were not being used by any implementation, not even the ntpd implementation by the Network Time Foundation itself). NTPv5 instead focuses on the wire format of NTP packets and the simple interactions between parties. Yet despite there having been a consensus call on this, and despite no current implementation following the exact algorithm as specified in NTPv4, the Network Time Foundation continues to frustrate the process by claiming that these algorithms are an essential part of the standard.
All of this frustration was also a large part of why the PTP protocol was eventually developed at the IEEE. That is to say: even though the operating mode of PTP is often quite different to that of NTP these days, the information that needs to be transferred is essentially the same, and the packets could have trivially been defined to be the same as long as NTP had built in a little bit of additional flexibility a little bit earlier. This would have also helped NTP in the end (with for example hardware timestamping only being implemented for PTP right now, even though it could have been just as useful in NTP), and with PTP now also aiming to introduce a simpler client-server model via CSPTP that looks a whole lot like what NTP was trying to achieve all this time with its most used operating mode.
It is my belief that the Network Time Foundation continues to push themselves in a corner of more and more irrelevance even though that did not need to be. The historical significance of David Mills' ntpd implementation is definitely there, and we should applaud the initial efforts and their focus on keeping the protocol open and widely available. And I do believe that the current people at the Network Time Foundation could still provide more than enough valuable input in the standardization process, but they cannot claim anymore to be the sole developers of the NTP protocol. Times have changed, there are now multiple implementations with an equally valid claim. Especially with GNSS (specifically GPS) being under attack more and more these days, we need alternative ways of synchronizing computer clocks to a standard time in a secure way. NTP and NTS are perfectly positioned to take on that task and we need to make sure that we keep the standard up to date for our evolving world.
Edit: if you want something else to donate to, I would consider donating to the IETF, NTPsec, or maybe donating some time to the NTP pool. I would also link to donations for Chrony (one of the other major NTP server implementations) but they do not appear to offer anything. Linking to my own project's donation page does not seem fair considering the contents of this post.
It's almost certain NTP is what's synchronizing time on your system right now.
And yes, they're separate from the NTP Pool Project, which runs the actual servers, but the Network Time Foundation supports the software that billions of devices run on.
I feel like a ~$10M/yr foundation to fund hundreds of the "Some Guy In Nebraska" people (https://xkcd.com/2347/) on a modest stipend would be easily worthwhile for any one of the tech giants, even understanding the free rider effect. Some of their thousands of engineers are being paid high six or seven figures, and every single minute of their time spent figuring out how some dependency has changed and broken compatibility adds up very quickly. Just paying them to sit on their hands and not let anything break by some kind of hostile takeover, like an intelligence agency quietly paying people to keep quiet.
This donation is for the NTP Foundation for something specific like their website.
The big companies who use NTP have their own pools and either use versions of different ntp implantations or their own internal ones.
All of these comments assuming cloud providers are using the reference NTP implementation and the public pools have no idea what they’re talking about.
Perhaps it is just my career experience, but I have never worked at a company that 1) cared about the time and 2) did not have its own clocks and 3) would touch ntpd with a 10-foot pole.
We've allocated $60,000 to NTP from FLOSS/fund [1]. It happened in May, but the disbursal is pending owing to paperwork [2]. We hope it'll go through in the next couple of months.
The combination of the moving goalposts for donations (they changed it from $1000 goal to $4000 after hitting their goal[0]) and the fact that they have have a large donation like this pending but simply haven't completed the paperwork kind of rubs me the wrong way a little bit.
The delay is on our side while we wait for regulatory approvals (India) for cross-border disbursements, I must clarify. The issues are described in the post I linked [2].
The domain ntp.org is a very visible one, why not add a "Donors" page and say everyone who donates 250+ gets to show their company name as a sponsor on that page?
This usually gets the attention of corporates and makes it easy to make the case internally as well, they all love to sponsor!
That might work, but the second order effect would probably be companies trying to do the work of time synchronisation themselves in case it happened again. That would lead to fragmentation and incompatibility.
The ntp pool is actually independently run and funded and has nothing to do with the NTPd implementation nor the NTP Foundation, other than them allowing the pool to use that DNS name.
So we have NTP begging to raise a grand yet we have hundreds of billions being spent on AI data centers.
NTP might not be able to generate AI cat videos full of hallucinations but it is a vital part of web infrastructure. The same can't be said about today's mega projects.
Meh. NTP is just an awkward less accurate frontend for GPS these days.
It's so easy to run your own NTP server. You can set up a pretty decent one using GPS PPS for like $200. My home ntp server is good for +/- 1us if you believe its ntpq stats...
This isn't like DNS. Everyone can run their own local NTP and that's fine. The only true shared infrastructure is the GPS constellation.
I hate to say it, but a number that low means ads are the answer. Even a YouTube video showing how to set up NTP would cover this cost if you recommend it to all users. Asking for money isn't respectable at this low number.
Honestly the XSLT mocking and bad faith arguments have convinced me as an individual I shouldn’t care about technologies so much. If NTP is so important, one of the billion dollar corpos can foot the bill since they know best about what is valuable.
This is true when all network delays between the synchronized device and the time reference are deterministic and accounted for in the configuration.
The design of PTP assumes that this is the case. NTP, on the other hand, estimates the network delays to its time references.
Is there any reason to believe that PTP would be better in normal networks?
PTP is more precise so it's much harder to synchronize over long distances. Even in data centers it benefits from hop-by-hop participation from the routers involved.
This was submitted with a title that doesn’t match the page and is not even accurste (Please donate to keep Network Time Protocol up) is not correct. This donation page is not for the public NTP pool. It’s for the NTP Project organization and their web page.
All of the angry comments from people who think NTP will stop working if the donation bar doesn’t get to $1000 are misinformed. Also note that the bar isn’t updating. It’s been stuck at $365 for myself and others despite donations coming in.
Not sure what happened here—the submitter is a good contributor, so most likely it was a simple misunderstanding—but yeah, the title shouldn't have been editorialized (https://news.ycombinator.com/newsguidelines.html).
You’re right, people are plainly commenting based on the title.
The goal has now mysteriously changed to a goal of $4000.
Likely the $3000 was needed to stand up a network that can handle the request load from hacker news.
Now it's $4560 on the way to a goal of $8000.
Great look, guys. You're fooling... somebody, apparently.
It went from 1k -> 2k -> 4k to 8k, so I guess the next will be 16k and then 32k..
Now it's $8,000
>$4,560 of $8,000 raised
nothing could be LESS mysterious
I see it at $2,130 fifteen minutes after your comment.
Yes, it’s updating now. Ctrl-F this thread and search for ‘365’ and you’ll see that it was not changing for several hours despite donations rolling in.
I suspect someone is updating that bar by hand :V
"Please donate so we can automate near-realtime display of our donations bar" doesn't have the same ring to it.
Probably yes, it's still at 2130
I think maybe the title of this topic post is the main source of misinformation.
It’s definitely the title. The title is a plain and simple lie.
Rather than money one can donate NTP servers to the pool. [1] It can be a fun learning exercise in setting up a stable stratum-2 time server. One can create graphs from the optional logs.
Why bother? Many of the rabbit holes one could venture down in learning to set up a stable time server can also benefit application servers in terms of latency, responsiveness, learning how to get clients to share resources and so much more. Rather than trying to find cooperative stratum-1 servers, one can start by using each of the Google, Facebook and Apple public stratum-1 servers [2] to get started. They get beat up a lot but most of them are stable most of the time.
Ask your favorite LLM how to set up a public NTP server using NTPD or Chrony. For extra credit play with each of them.
[1] - https://www.ntppool.org/en/join.html
[2] - # grep -E "facebo|goog|appl" /etc/hosts
One of the really nifty things about having a stratum-1 time server on-site (because... reasons) is those graphs. You can very readily see the subtle temperature-dependence of timing crystals. At the facility I was at there was a large cycle every day during the week and then smaller cycle on each weekend day. Our HVAC system didn't heat/cool the building as much on the weekend when no one was there so the temperature swing -> frequency swing was smaller.
Really drives home one of my favourite half-jokes: every sensor is a temperature sensor; some of them measure other things too.
Yep, I encourage everyone to do this (though don't ask an LLM, actually put effort into learning). It's easy and cheap to do. I have been running a server in the NTP pool on a Digital Ocean droplet for years now, costs me only $6 a month.
The people who learn to use LLMs effectively for learning will outcompete you handily. You understand that, right? Tool use is an important skill, arguably among the most important ones we have evolved.
We ran a public NTP server for many years. Then, details hazy, but I think there was a UDP amplification vulnerability that was exploited which upset our transit provider so we took it down. Might be fun to try again though.
A fully-patched NTP server should be fine. A lot of tier-2 ISPs were treating their NTP servers as abandonware that never got updates, so they ended up being ripe for UDP amplification attacks, but that was a vulnerability in ancient software, not the protocol.
I am surprised that NTP project is not funded, fully or partially, by larger organizations or governments, given the criticality of the project.
The reference implementation, while historically important, has largely been displaced by more secure/performant implementations (ntpsec, chrony), or by in-house implementations (Amazon, Google).
Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.
> Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.
It should be noted that there currently exists no standard, technical or statutory, for how to do leap smearing. If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.
A few years ago there was a draft on the idea:
* https://datatracker.ietf.org/doc/draft-stenn-ntp-leap-smear-...
And the currently-draft NTPv5 has something about:
* https://datatracker.ietf.org/doc/draft-ietf-ntp-ntpv5/
Though the flag simply says that the timescale is smeared and not (AFAICT) how it is being done.
See also perhaps RFC 8633 § 2.7.1:
* https://datatracker.ietf.org/doc/rfc8633/>If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.
TAI (Temps Atomique International), is UTC without leap seconds and is the source of truth for "what time is it"
I'm finding conflicting reports of being able to actually use TAI on linux but there are several claims of at least specialty setups existing. You would absolutely not want smearing or anything like that in your time synchronization software in this case.
> Those who absolutely must have monotonic time
... shouldn’t be using a Unix timestamp, or anything else that’s not a count of SI seconds elapsed since a fixed reference point, to begin with.
Pitch: TAI
Kind of. If you “absolutely must” have monotonic time, though, and also care about NTP, then just pointing to TAI (in DJB’s naïve definition) or GPS time is not enough. You need to make decisions on whether you, for example, would prefer your imprecise seconds to be more even individually or for the aggregate count to be more accurate (NTP of course gets you the latter by default). Dear Sir[1], you have done metrology.
[1] https://people.csail.mit.edu/rachit/post/you-have-built-a-co..., https://news.ycombinator.com/item?id=29891428
Who's running ntpsec?
The major Linux distributions replaced ntp with ntpsec. A better question would be who is still running ntp. I know about FreeBSD and NetBSD.
ntpsec as a project seems to be doing ok. They are releasing new versions, fix reported issues, accept patches, and develop the code publicly. While ntp still has a huge list of acknowledged but unfixed CVEs.
is that true? ubuntu and red hat for example use chrony or systemd-timesyncd
Which distributions use ntpsec?
Current Debian, Ubuntu, Fedora, RHEL/CentOS (EPEL) have an ntpsec package, but no ntp package. It's not used by default (that's chrony on most of the distributions), but the users can install it and use it.
Thats… not the same thing.
At least in part, someone you really don't want to be running a fork of an important project: ESR.
Oh, no, I mean, I know who's actually behind the project, I'm just wondering if there are any major deployments of it.
I'm out of the loop. What's the issue with using a project that ESR contributes to?
I am vaguely aware he has some unpopular political beliefs (though exactly what I don't know). Is that it?
Insofar as racism, homophobia, and sexism are unpopular political beliefs: yes.
Oh, also he doesn't really "contribute" to tech projects so much as "exists near/within them and writes long form ramblings".
Ah, the person I responded to suggests he runs the project.
If he just "exists near", I see even less of a case why someone should avoid it.
But horses for courses, people can choose to avoid for whatever reason.
No, there's a long story behind ntpsec and it's all pretty exhausting and none of it has anything to do with ESR's personal life.
It's not the issue of using the project, to my mind.
It is not even his beliefs, though many of them are — to my ears and hopefully to most — quite repugnant.
It is his attitude, approach, and at various times the kinds of people he attracts.
As it goes, I've seen him speak, back in the 90s, CatB era. He was genial enough but he seemed to have a coterie around him of rather less pleasant people. It could just have been a bad day but it has stuck in my mind ever since: it was the first time I understood that there's not really any sort of inclsive geek community.
Less pleasant — in what way?
I figured they would be funded by NIST, but the way the US government has been pulling back funding for everything, it didn't surprise me that they need money. Much like Jimmy Wales, I bet if everyone donated 5 bucks they'd be in a much better spot.
They need money because they aren’t important.
The Network Time Foundation (which counts the NTP project among those it provides resources to) lists several corporate Members.
But yeah, critical infrastructure usually goes criminally underfunded.
Except they aren’t critical infrastructure which is why no one supports them.
Accurate timekeeping is critical infrastructure. So much so, that the US government operates many radio stations whose sole purpose is to provide current time announcements, reference clocks, and other timekeeping-related information. See [0].
Relatedly: surely you're not of the opinion that the various GPS constellations are not critical infrastructure?
[0] <https://www.nist.gov/pml/time-and-frequency-division/time-se...>
Just because other timekeeping projects are critical infrastructure doesn't mean that one NTP client is critical infrastructure.
Sure. I agree with you. You're absolutely correct.
https://xkcd.com/2347/
Shoutouts to Nebraska
Hey, somebody out there
Listen to my last prayer
Hi-ho-silver-o
Deliver me from nowhere
Why is research into the protocol useful. Isn't it done?
We keep coming up with new ways to use it: https://ntrs.nasa.gov/citations/20240011919
It's telling that we can appropriate millions of dollars to transport a decommissioned shuttle from a museum in Virginia to Texas, but NASA can't pitch in the cost of one tank of diesel to the people maintaining what this article claims to be a mission-critical tool?
The claim is false.
Time is hard, time synchronization is arguably harder.
The project isn't about research it's about creating a reference implementation
> The NTP Project conducts Research and Development in NTP, a protocol designed to synchronize the clocks of computers over a network to a common timebase.
Research is put front and centre in their pitch for funding.
This is probably research into protocol for time sync. Which works well for some scenarios, but not yet for others and can improve the reference implementation (I guess; I have no hard knowledge there).
And given that ntp.org runs servers that so many organizations use they should be near the top of the funding queue for any NTP research. My 2c.
What's the distinction from NIST's internet time service?
Don’t think you deserve these downvotes. That was my reaction too. Perhaps they’re coming from people who believe that the money is to support running of time servers (which, to be fair, “Please donate to keep the Network Time Protocol up” certainly implies…)
I too would be interested in knowing what the Network Time Foundation is researching, and I think conversation about that is appropriate here. NTP certainly _seems_ like it’s been ‘good enough’ for decades to an uninformed observer, and discussing if and why it’s not would be interesting (and perhaps motivate donations!)
Large tech companies and free-riding critical internet commons, name a better duo.
That would be easily solved by blocking from NTP any ip address belonging to a big tech corp that doesn't pony up.
The big companies have their own NTP pools and even implementations.
You can use the public Google or AWS pools if you want. Note that they have their own software, too, so be sure you understand the differences like leap smearing.
Blocking FAANG IPs from the NTP Foundation’s pools wouldn’t hurt FAANG at all. It would only hurt people who weren’t aware and used the NTP Foundation’s pool for things.
Not really. The biggest drain on resources historically has come from things like routers that have fixed NTP servers hardcoded in the firmware and every customer ends up using just that one without even knowing they're contributing to the problem. They also can't be blocked as the requests could come from anywhere.
Itchy and Scratchy
It's not really clear why they need this money either?
> It's not really clear why they need this money either?
Really? The sentence at the top of the Donate page seems pretty clear to me:
> Your donation helps Network Time Foundation maintain the NTP website and provide resources and support to NTP developers.
Is it unclear to you?
It is kind of vague IMO. Especially since most of the actual NTP infrastructure is run by governments, universities, and companies.
https://gist.github.com/mutin-sa/eea1c396b1e610a2da1e5550d94...
But..it's $1k. This is basically pocket change on an institutional level. I've been part of some very scrappy and poorly funded community organizations and even they took in more than $1k every year. Even if you don't believe NTP maintainers should be paid anything for their work (an opinion I don't hold), it's trivial to spend this amount on modest everyday expenses like renting a venue a couple of times, buying insurance, and paying for hosting and technical resources.
EDIT: Here is their 2024 tax return
https://www.nwtime.org/about/documents/2024_NTF_IRS_990.pdf
It looks like they took in more than $200k and spent $100k on "contract services" (I can't tell what that means) and somewhat modest amounts on other things. Unfortunately I need to exit the rabbit hole now.
We're talking about $1000. In context i would assume its their hosting bill.
I can't imagine its much more than that if we are talking about such a small sum.
> It is kind of vague IMO.
How much more clear can they reasonably be?
It seems a big waste of effort to maintain -say- a damnable Trello board with upcoming priorities and roadmaps <strike>and Kickstarter stretch goals</strike> when their bug tracker and mailing list are visible to the public. (Though, it seems that they've recently put the list behind some broken moderation software, so you have to go to -say- the IETF's archive of the thing to read it. "AI" crawlers ruin everything.)
EDIT: Do note that that tax return you found is for the Network Time Foundation, not the NTP Project. I don't know if the two are separate entities for tax purposes, but do note that the NTF supports several projects, of which the NTP Project is one. The NTP Project is just for NTP.
It doesn't explain why they need the money "we need the money to continue doing what we are doing" means nothing unless they also explain what they are doing and why it matters.
Thankfully, that's also on the front page:
What they are doing:
> The NTP Project produces an open source Reference Implementation of the NTP standard, maintains the implementation Documentation, and develops the protocol and algorithmic standard that is used to communicate time between systems
And why it matters:
> NTP is what ensures the reliability of billions of devices around the world, under the sea, and even in space
Now, it doesn't explain why a reference implementation is a good thing, but I think that at this point, you have a good enough idea to decide if you want to donate or not.
Edit: However, $1000 seems too low to matter. It may not even pay for the expense of the fundraising itself. I think it is more of an awareness campaign: "look at the protocol we all use, you would think we are talking many millions of dollars, but the truth is, you are off by orders of magnitude"
a website doesn't need $1000
and $1000 seems at the same time to be quite a bit of money, but also too little to be for funding people long term.
The project has been hungry for years.
There was a fork to clean up and secure the implementation: https://ntpsec.org and ideally they would combine forces.
Summarized here: https://lwn.net/Articles/713901
Yeah the ntpsec story, not great. I don't believe they're taken especially seriously. There are people close to Harlan Stenn who believe the project is essentially fraudulent.
> the project is essentially fraudulent
Even if it's not, ESR is involved so it's not serious.
So, I understand first hand ESR might be a little, uh, eccentric, when dealing with humans.
But it seems that his nerding, taken by itself, is pretty solid. Is that not the case?
It’s fairly limited: taking over maintenance for popmail or forking NTPSec certainly isn’t nothing but his reputation is built on the Cathedral and Bazaar essay getting attention at the right time in the 90s when open source was really taking off and his subsequent OSI work. I’d wager that an order of magnitude more people heard about fetchmail from his writing rather than the other way around.
That’s not to say that his open source projects aren’t useful, only that there are thousands of other developers who’ve done work of similar scale and adoption.
No, I don't think it is.
An ntpd-rs contributor elsewhere in the thread suggests ntpsec is used by many distributions, and suggests donating to ntpsec (amongst some other organisations).
https://news.ycombinator.com/item?id=45900184
Every distribution I've seen is using chrony or systemd-timesyncd. Is there a distribution that's actually using ntpsec?
I tried to donate, but apparently I am not human:
> 1 error prohibited this submission from being saved:
> Looks like you are not a human
Good to know.
I'm not sure why they'd try so hard to keep bots from paying them anyway. If someone wants to write a bot that constantly pays me good money I'm fine with that. I might rate limit it if the stream of payments coming in can't cover the cost of keeping the server from being DoS'd, but that's not going to inconvenience a human trying to submit a payment one time.
Bots use sites like this to validate lists of stolen cards with low dollar donations to validate the cards before using them on the target site. Without some one of protection sites like these are quickly flooded with fraudulent transactions and then fined and shut down by Visa and Mastercard.
This sounds like a problem where cryptocurrency could actually be the solution. Next time I want to make a charitable donation I will ask for an XMR address to preserve my privacy and work around commercial payment processor issues.
I was thinking the same. Seems HN is now pro-bank and anti-cryptocurrency.
HN is anti-nonsense, anti-hype, anti-crime, so, yeah, pretty anti-cryptocurrency.
until one's society started to collapse, one does not think crypto is good
When society collapses, will we still have reliable infrastructure (internet and electricity, to be specific) on which cryptocurrency depends?
another one from high trust stable place. glad for you being there.
have you heard about decentralization?
society is not civilization. local vs global.
> society is not civilization. local vs global.
I agree, and I am still pointing to the collapse of society, not civilization. My infrastructure is local. If local society collapses, what reason do people have to maintain transmission and distribution lines and electrical substations, to work at power plants, to maintain fiber optic or copper lines for internet connectivity?
Even if "the internet" as a whole is still around, the inability for someone to connect to and to use it means cryptocurrency is similarly useless.
If you have small payments that can be made by bots easily, then your service can be used by thieves as an oracle to determine which of their stolen credit card numbers still work. Then you get lots of chargebacks to deal with.
Then when too many of the fradulent payments get charged back then your payment processor drops you
Sure, chargebacks cost money.
You know what else costs money? When someone wants to give you money, and you misidentify them as a bot and refuse their money.
With donations being blocked you keep sitting at 0, with chargebacks you can actually go negative, in a potentially unbounded way.
I really hope that the sole reason that michaelt concluded this is simply due on not having any experience how to manage credit card payments (on merchant's side).
For those who does not handle these things: I am not sure on what processor Network Time Foundation is using, but Stripe's $15 fee is actually on the low side of chargebacks (some processors even use the fixed fee + percentage model). Worse, this is unconditional: if you somehow won this, you won't get the chargeback fee.
Yeah, but one probably costs more money then the other, and it seems plausible its the chargebacks.
That's because the bots will use such services to 'taste' cards to see if they work. Then if they do the criminals can resell them for a higher value than for which they bought them for.
[deleted]
Well fraudsters need to have their time in sync for their business right? Who are you to deny their donations?
Is there a problem with fraudsters donating to OSS projects?
Money is money.
How do you know the cash you are using is not "blood money"? Come on.
You are thinking to much in emoji's and emdashes.
Yeah, I'm not a human either.
(Edited to add: that was from Safari. Chrome worked. YMMV.)
I had similar trouble, back when I tried to donate to the Internet archive. Donation box would simply not let me donate. I even wrote them an e-mail and nothing changed half a year later, so I gave up.
Too bad that good projects mess their donations up by doing web BS.
I wish when accepting donations, websites would stop caching the total collected amount or give it a super short TTL. I like to see the little progress bar get closer to the goal thanks to my couple of bucks.
If they are only counting fully cleared funds, your payment might not be relevant yet. Some fraud checks are not synchronous, for instance.
Though they could fake it: take the current cleared total and add your amount for your display.
Perhaps they don't have the funds to implement that feature.
Absolutely shameful that this project - and many, many others that underpin trillion-dollar tech company valuations - aren’t fully funded already by the major consumers.
I’d like to see more projects do a breakdown of total yearly costs (including contributor compensation!), how much existing sponsorships from companies actually cover, and what number they’d need to operate properly (with full-time, paid contributors).
I'm not so sure, becoming dependent on corporate funding means importing corporate policy. Is it really necessary for a DEI policy being required to appear on ntp.org, or perhaps the sudden advocacy of some proprietary protocol crapware pushed into public use from out of nowhere? That's pretty much what tends to happen
Of course the same thing happens in reverse (see recent python.org refusal to accept federal funding)
Not gonna lie, you had me going in the first sentence and then betrayed your position with:
> Is it really necessary for a DEI policy being required to appear…?
So ignoring the, well, ignorance of the remainder of your statement, it’s worth pointing out that these entities already publish mission statements, community/contributor guidelines, and a raft of other documentation that governs how they intend to operate as a way of greasing the wheels of operations. Policies are the norm, not the exception, because they dictate the rules of engagement.
So yeah, I’m all for groups making clear what they do and do not find acceptable. Transparency is a good thing, be it in code (open source), accounting, policy, or governance. And if more groups opened up their books and laid bare their operations, it’d be easier to tie their outcomes to industrial and governmental bad actors (like AWS, Google, Microsoft, Apple, etc) that fail to substantially support these technologies, or demand favors or policy changes in exchange for basic funding.
Ideally? Orgs that use open source tech in their products ought to chip in a fixed percentage to ongoing support of that project. If an entity like AWS chipped in, say, 0.01% of revenue from every service that used NTP, then the NTP organization almost certainly wouldn’t require additional funding.
Did I trigger you by picking DEI as an example? You can find a million alternatives from e.g. the Firefox<->Google relationship. No need to start name calling or whatnot
I refuse to donate. Trillion dollar companies depend leech on it and yet refuse to spend money on it.
Let it fail and see what happens.
Those trillion dollar companies are running a lot of public NTP server infrastructure. Here is a list of public NTP addresses from different big tech companies: https://gist.github.com/mutin-sa/eea1c396b1e610a2da1e5550d94...
> Trillion dollar companies depend leech on it
Are you confusing the NTP Foundation (the group asking for donations) with NTP the protocol or the NTP software itself?
This donation request isn’t even for the public NTP pool. Read the donation page carefully.
The big companies you’re angry at are neither dependent upon nor leeching from this group. They run their own NTP infrastructure, which in some cases has their own developments and adjustments.
Google’s, for example, uses time-smearing to handle leaps. This is different than the standard and therefore you shouldn’t mix Google’s leap-smearing NTP system with NTP servers that don’t leap smear.
> Let it fail and see what happens.
This is a real “cut off your nose to spite your face” moment, but worse: Those public companies don’t depend on any of this. They provide their own server pools and in some cases develop their own software with their own advancements. Cheering for the NTP Foundation to fail because you think it will hurt big companies is very uninformed.
leap seconds are deprecated
The deprecation isn't effective until 2035, leap seconds will still be inserted until then.
It would hurt the big companies though because the employees of those big companies rely on Ntp. It may not directly impact them but it’s better than letting them continue to rake in billions and then never support the core foundational tech.
Maybe letting Ntp fail will wake up some of the employees of other companies to the absolute sad state of the software world.
> Maybe letting Ntp fail will wake up some of the employees of other companies to the absolute sad state of the software world.
Big companies run their own NTP servers (which you can use for free) and do not use the reference implantation.
There is nothing to “fail” in this project which would cause big companies to have infrastructure problems.
The saddest state of the software world is that some people here have convinced themselves to cheer for this project to fail because they don’t understand that big companies do not depend on this project that is asking for donations.
From the previous comment.
> Google’s, for example, uses time-smearing to handle leaps. This is different than the standard and therefore you shouldn’t mix Google’s leap-smearing NTP system with NTP servers that don’t leap smear.
So we can use or not?
If we can then well good, then there will be no problem then if the funding fails.
> If we can then well good, then there will be no problem then if the funding fails
The funding is not for the NTP servers or pools. Please read the actual page and all of the comments trying to explain that the HN title is a lie. NTP will not “go down” if this project fails.
You can use Google or Amazon’s NTP servers if you’d like. Just be aware of how they represent leap seconds differently.
You’re just validating my reasons to not donate which is what this discussion is about. It’s not about the way Ntp specifically works or what the money will go to. My reasons for not donating are that bad acting corpos have destroyed any reason or trust to support these smaller outfits whether directly impactful or not.
Harsh but true. Any of the FAANGs could cough up a million dollars and let the thing run for 1000 months.
I’m too poor to have too much revenue that I need to donate some away to pay fewer taxes. That’s a problem corporations have.
Even a single highly paid employee of a FAANG, many of whom frequent this very forum, could pay for a year without breaking the bank.
100% true, but they shouldn't have to. If FAANG is using it, they should fund it. I don't want to work in a culture where the employees pay for the corporations' tools.
> I don't want to work in a culture where the employees pay for the corporations' tools.
Agreed. They call that 'open source' work (derogative)
Say this louder for the managers in the back!
I’m sick of having to pay for my own tools to do my job at your company. Either find a way to build using free tools or fork up the license for that Visual Studio Ultimate or IntelliJ Idea Ultimate license. Pay for your database vendor. Your corporate IdP. Why not $300/yr for a high value output employee?
We have a price for the total infrastructure spend per dev, and that includes things like AWS prices and all of the tooling like jira and github.
But you absolutely shouldn't have to pay for your own tools. (That said, blue collar people often have to, unlike us, and that's also awful.) But also, it's their productivity. If you are all laboring under the same constraints, it's their choice to make if they care about your productivity.
You know, I always thought it odd when plumbers (etc. tradesmen) working full time for a company have to supply their own tools.
Yeah, sure, but in many places (for example in my country) they do not work for a company. They are not even legally working for themselves. You call them, they do the job, then ask for money. That's it. I think this is illegal though, but happens a lot when it comes to anything handyman-ish.
My brother is a plumber and his company reimbursed him for every tool he has bought for the job. After 5 years, he started his own plumbing business and he supplies all the tools, trucks, benefits, contracts, and customer support for his employees in the field. For what it’s worth.
You can choose your tool, you’ll get it.
> You can choose your tool, you’ll get it.
That's actually decent. Too often you're stuck with whatever gear your shop uses - Bosch, Hilti, Makita are the most common power tools here in Germany. It makes sense for the penny pinchers who purchase on volume and get discounts, but chances are high it ends up pissing off the employees rather sooner than later.
I always found it odd that so many shops let people use whichever tools they want!
soon enough you'll start charging people for source code and distribution.
Maybe building the world on open source software was not good idea
They would rather downvote you than giving away $100
Because it is factually wrong, which would have taken seconds to discover.
It also gives them power over how things are run. He who pays the piper calls the tune.
> Let it fail and see what happens.
It will get replaced by a proprietary protocol/paid service from each Azure, Cloudflare, Google, AWS, ...
The rest of us will be S.O.L.
FYI the big companies provide their own NTP servers and pools. You can use them if you’d like.
They also don’t use the reference implementation (which is maintained by the group this donation is for). Your distros and software probably doesn’t use it either.
The commenter above who thinks shutting down the NTP Foundation will hurt FAANG because they “leech” off of NTP Foundation is completely uninformed.
This seems incredibly unlikely. They all want clients to have accurate time, because it underpins things like sessions and TLS certs. It would also almost certainly be trivial to proxy back to regular NTP.
Even if the NTP pool somehow died, all it takes to make your own Stratum 1 NTP service is a GPS chip. An old phone probably makes a great small-scale NTP server, or an ESP32 with a GPS chip attached. 20 years ago it would have required exotic parts, but they're mundane, cheap and omnipresent these days.
It would be so much cheaper for the companies to support this than out their own solution
You're missing the bigger picture. Vendor lock in.
Not only that, but the owners of big companies are actively lobbying to pay even less taxes. They are ideologically opposed to supporting public benefit projects.
but then they wouldn't own it.
This raises a lot of questions. Did they actually ask for money to these big companies? Did they get rejected?
Another approach could be to move this under the umbrella of any of the other OSS foundations. I can imagine the Linux Foundation would be a good place. Well funded, already has most of the stakeholders involved, and this clearly falls in their scope of interest at least. It would not surprise me if that wasn't discussed at some point.
This smells a bit like something that might be more complicated than it looks.
I'd happily donate to NTP if and only if AI companies are barred from using free software like this in the future via the sw license. I don't WANT to be part of this internet that's hostile and exploitative towards users anymore.
I think we ought to buckle up because it only seems to be getting worse, quickly.
Is there any endowment for such projects?
Something like money to the endowment from the big corp, then would be recipients petition the endowment for ongoing funding, some board decides based on a set of open protocols...
Because honestly I've seen this a bit recently - major infrastructure projects looking for effectively pocket change; a couple thousand.
They shouldn't ever have to beg for money, this is stupid.
Wikimedia Foundation sort of does now. The result of that is that their spending has ballooned to hundreds of millions of dollars.
Ideologically pure, but for all practical purposes miserly. Trillion dollar companies are very hard to move that way and very unlikely to take the first step. We need a "Foundational Software and Services" fund that says very nice things about each donor and spends 100$ on publicity for every 1$ to software to even get them to start looking, I bet.
Donate some time: Ask your boss if their company could chip?
Anyone know whether NTP already asks the biggest names for donations?
They'd each fork it. AWS NTP for $0.01/request.
This is one of those comment sections where it’s obvious that the angry comments aren’t coming from people who understand the topic.
AWS already provides their own time service and it’s both public and free https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-ti...
Doing that punishes people who donated.
How is not donating punishing those who do? Does not compute.
It's written clearly:
> Let it fail and see what happens.
Nothing will happen, so all of that is nonsense.
Trillion dollar companies run their own NTP servers
Not sure why this comment is being downvoted. The trillion dollar companies not only run their own NTP servers but provide free public access to their pools
https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-ti...
https://developers.google.com/time/
but do you want it to be dependent on trillion dollar companies?
You don't need to be dependent on trillion dollar time companies to get an extremely accurate time source. Just get your own GPS receiver that supports timing output. You can get an GPS-based NTP server for pretty cheap.
I've had an inexpensive GPS antenna "puck" on my roof attached to a 2nd or 3rd gen raspberry pi inside, providing accurate time to my home for over a decade. This is a sub-$100 project and very fun.
Wow. I mean, I imagine that this would be a hard thing for trillion dollar companies to somehow enshittify;
and still, I'd never put it past them to figure out something that I haven't.
I reflexively donate a little to things like this and I think everyone else should to.
they'll buy leftovers and take the thing private.
I agree with you in this, I donate to a few Open Source Projects, I really cannot afford to donate to one that multi-billon $ companies use for free.
For example, OpenSSH. Used everywhere yet IBM gives a big fat 0 to that project even though OpenSSH is even used in AIX. Even though I love to complain about Microsoft, M/S does donate a decent amount to OpenSSH via OpenBSD, so M/S gets my respect for doing that.
Time companies like IBM steps up and give, if not, we are back to playing with CMOS date/time. Which is how things were when I started programing at a large company decades ago.
There's probably some stupid legal reason behind why they don't donate.
I would be interesting in hearing more about this. There are legal reasons for a large company not donating to FOSS?
Oops, s/interesting/interested.
Greed.
That seems very low for such a high profile site/project
I donated an amount but the bar didn't move and is at the same level($395) as before my donation
If you follow the "Foundations work" link at the bottom, you're taken to another page that shows $4,675 of $11,000 November goal.
Looks like the first $1000 goal is specifically for maintaining to he NTP website and maybe developers? While the other is a broader goal for the foundation
The bar is still at $395. I am suspicious.
I think someone is manually updating the site to whatever the current donation amount is.
The folks who run the public NTP pool really ought not to make it easier to pay them money to use it commercially.
I submitted a request for commercial use via their online form but never received a response.
It's mostly run by one guy with very limited time. On their forum, I've seen one vendor repeatedly asking for the vendor prefix for three years, only getting the response once, and never actually receiving the prefix.
As someone working on an NTP implementation (specifically ntpd-rs) I have to add some context to this: I do believe that donating to the Network Time Foundation is fine, but it is not required to keep the Network Time Protocol up in any way.
Firstly, the most important reason the ntp.org domain name is so well known is because of the NTP pool, which is an entirely separate project (the Network Time Foundation calls it an associated project), which was allowed to use the `pool.ntp.org` domain name, but does not directly receive significant funding from the Network Time Foundation as far as I understand (I do not know the details of the domain name arrangement). That pool project was developed independently of the Network Time Foundation and is run by a different group of volunteers, mostly being developed and maintained by Ask Bjørn Hansen and hosting servers entirely consisting of (sometimes professional) volunteer operators. This is what many NTP implementations, specifically many Linux distributions, use as their standard source of time. But it does not appear to depend much on the Network Time Foundation for continued existence.
Secondly, despite all the claims made on the Network Time Foundation site, the IETF took over development and maintenance of the NTP protocol for something like two decades now already under the NTP working group. This was all done with the Network Time Foundation fully agreeing this was the way forward. But for some reason they still consider themselves exempted from any process that the IETF uses and consider themselves as the true developers of the protocol. They constantly frustrate the processes that the IETF uses, claiming that they should receive special treatment as being the 'reference implementation'. Meanwhile, the IETF NTP WG does not have a concept of the reference implementation at all, instead considering all NTP implementations equal.
Aside from this frustrating stance, the Network Time Foundation also didn't do much work on trying to forward the standard at all, instead relying on the status quo from the late 90s and early 2000s. Meanwhile the IETF NTP WG worked on standardizing a way to secure NTP traffic (with regular NTP traffic being relatively easy to man in the middle, with older implementations even being so predictable that faking responses didn't even need reading the requests). That much more secure standard, NTS, was fully standardized in September of 2020, but the Network Time Foundation continues to not implement this standard. All of this has resulted in almost every Linux distribution that I know of replacing their ntpd implementation with NTPsec (with ntpd not even being available as an alternative anymore for installation).
Meanwhile people also started working on NTPv5, in order to remove some of the unsafe and badly defined parts of the standard, and in general bring the spec back up to date. As part of this process, it was decided some time ago that in contrast to the previous NTP standards, the algorithms specifying what a client should do in order to synchronize the time should be removed from the standard (the algorithms specified in the previous standards were not being used by any implementation, not even the ntpd implementation by the Network Time Foundation itself). NTPv5 instead focuses on the wire format of NTP packets and the simple interactions between parties. Yet despite there having been a consensus call on this, and despite no current implementation following the exact algorithm as specified in NTPv4, the Network Time Foundation continues to frustrate the process by claiming that these algorithms are an essential part of the standard.
All of this frustration was also a large part of why the PTP protocol was eventually developed at the IEEE. That is to say: even though the operating mode of PTP is often quite different to that of NTP these days, the information that needs to be transferred is essentially the same, and the packets could have trivially been defined to be the same as long as NTP had built in a little bit of additional flexibility a little bit earlier. This would have also helped NTP in the end (with for example hardware timestamping only being implemented for PTP right now, even though it could have been just as useful in NTP), and with PTP now also aiming to introduce a simpler client-server model via CSPTP that looks a whole lot like what NTP was trying to achieve all this time with its most used operating mode.
It is my belief that the Network Time Foundation continues to push themselves in a corner of more and more irrelevance even though that did not need to be. The historical significance of David Mills' ntpd implementation is definitely there, and we should applaud the initial efforts and their focus on keeping the protocol open and widely available. And I do believe that the current people at the Network Time Foundation could still provide more than enough valuable input in the standardization process, but they cannot claim anymore to be the sole developers of the NTP protocol. Times have changed, there are now multiple implementations with an equally valid claim. Especially with GNSS (specifically GPS) being under attack more and more these days, we need alternative ways of synchronizing computer clocks to a standard time in a secure way. NTP and NTS are perfectly positioned to take on that task and we need to make sure that we keep the standard up to date for our evolving world.
Edit: if you want something else to donate to, I would consider donating to the IETF, NTPsec, or maybe donating some time to the NTP pool. I would also link to donations for Chrony (one of the other major NTP server implementations) but they do not appear to offer anything. Linking to my own project's donation page does not seem fair considering the contents of this post.
Here's his donation page for those curious: https://github.com/sponsors/pendulum-project
This deserves to be somewhere other than at the bottom of the comments (where it is as I’m reading).
Confusing. On https://www.nwtime.org/ they use $11,000 as “November 2025 goal“, with $4,675 as current level?
Are these goals monthly goals, with the counter being reset? The sites don’t make that clear.
Some of the comments here seem overly negative and critical.
They support billions of devices and are only asking for $4,000 in donations per year.
Never mind, they keep upping the max every time they reach it. Now it's an $11,000 goal...
They support no devices. Read more carefully.
It's almost certain NTP is what's synchronizing time on your system right now.
And yes, they're separate from the NTP Pool Project, which runs the actual servers, but the Network Time Foundation supports the software that billions of devices run on.
It's sad that a project that literally every company in the world depends on is requiring donations to keep working.
It is sad that an unfounded comment like that can be posted so easily with no basis in fact.
Care to elaborate, or do you prefer to just say "nah fam thats cap" in a pretentious manner?
These large trillion dollar companies run their own NTP servers rather than depending on this one.
I feel like a ~$10M/yr foundation to fund hundreds of the "Some Guy In Nebraska" people (https://xkcd.com/2347/) on a modest stipend would be easily worthwhile for any one of the tech giants, even understanding the free rider effect. Some of their thousands of engineers are being paid high six or seven figures, and every single minute of their time spent figuring out how some dependency has changed and broken compatibility adds up very quickly. Just paying them to sit on their hands and not let anything break by some kind of hostile takeover, like an intelligence agency quietly paying people to keep quiet.
It is apparently "Grossly Overestimate The Reliance of Companies on Open Software and Systems Week" and nobody told me.
Name one company that doesn't depend on NTP.
This donation is for the NTP Foundation for something specific like their website.
The big companies who use NTP have their own pools and either use versions of different ntp implantations or their own internal ones.
All of these comments assuming cloud providers are using the reference NTP implementation and the public pools have no idea what they’re talking about.
> The big companies who use NTP have their own pools
And which NTP servers are those pools synchronized to?
This organisation doesn't run the NTP pool.
They have their own Stratum 0 source clocks.
Perhaps it is just my career experience, but I have never worked at a company that 1) cared about the time and 2) did not have its own clocks and 3) would touch ntpd with a 10-foot pole.
We've allocated $60,000 to NTP from FLOSS/fund [1]. It happened in May, but the disbursal is pending owing to paperwork [2]. We hope it'll go through in the next couple of months.
[1] https://floss.fund/projects/2025/
[2] https://floss.fund/blog/second-tranche-2025-anniversary/#wha...
The combination of the moving goalposts for donations (they changed it from $1000 goal to $4000 after hitting their goal[0]) and the fact that they have have a large donation like this pending but simply haven't completed the paperwork kind of rubs me the wrong way a little bit.
[0]: https://web.archive.org/web/20251112110436/https://www.ntp.o...
The delay is on our side while we wait for regulatory approvals (India) for cross-border disbursements, I must clarify. The issues are described in the post I linked [2].
The domain ntp.org is a very visible one, why not add a "Donors" page and say everyone who donates 250+ gets to show their company name as a sponsor on that page? This usually gets the attention of corporates and makes it easy to make the case internally as well, they all love to sponsor!
Why not just turn it off and say we need money to turn it in again?
That might work, but the second order effect would probably be companies trying to do the work of time synchronisation themselves in case it happened again. That would lead to fragmentation and incompatibility.
The cloud providers already use their own NTP infrastructure. Much of it is public and you can use it for free, too.
Turn what off?
Time itself maybe, I know I could use with a little bit of a pause.
Return to the basement now. No escape.
pool.ntp.org dns resolution and any servers that they control, presumably
The ntp pool is actually independently run and funded and has nothing to do with the NTPd implementation nor the NTP Foundation, other than them allowing the pool to use that DNS name.
The GitHub sponsors page provides slightly more information than ntp.org and nwtime.org.
https://github.com/sponsors/nwtime
Most NTP users use better implementations that NTPd (like chrony)
I’m confused—why such a small donation amount?
So we have NTP begging to raise a grand yet we have hundreds of billions being spent on AI data centers.
NTP might not be able to generate AI cat videos full of hallucinations but it is a vital part of web infrastructure. The same can't be said about today's mega projects.
Meh. NTP is just an awkward less accurate frontend for GPS these days.
It's so easy to run your own NTP server. You can set up a pretty decent one using GPS PPS for like $200. My home ntp server is good for +/- 1us if you believe its ntpq stats...
This isn't like DNS. Everyone can run their own local NTP and that's fine. The only true shared infrastructure is the GPS constellation.
it must be fake if it wanted 1k and now 4k. dont donate
I hate to say it, but a number that low means ads are the answer. Even a YouTube video showing how to set up NTP would cover this cost if you recommend it to all users. Asking for money isn't respectable at this low number.
Ok Musk, Bezos, Gates, etc. ... reach into those deeeeeeeep pockets of yours and fund something that I KNOW you use.
$1 Trillion for AI but we the people have to keep this foundation of the internet running. This is all one big shit show.
Honestly the XSLT mocking and bad faith arguments have convinced me as an individual I shouldn’t care about technologies so much. If NTP is so important, one of the billion dollar corpos can foot the bill since they know best about what is valuable.
https://imgs.xkcd.com/comics/dependency_2x.png
Except these are some (almost scammers) claiming to be a vital pillar but just pointing at the vital piece and saying they help with it.
There are always money and resources in ad tech.
They should just switch it off for a day or two, I don't think they'll have trouble getting funding after that.
PTP is way better than NTP, but it might be possible that reference time is somehow taken from NTP anyway.
What I Mean:
Reference .gov atomic clock (not radium one) -> NTP -> ? -> ? -> satellite control station -> gps -> PTP
Hahaha
This is true when all network delays between the synchronized device and the time reference are deterministic and accounted for in the configuration. The design of PTP assumes that this is the case. NTP, on the other hand, estimates the network delays to its time references.
Is there any reason to believe that PTP would be better in normal networks?
PTP is more precise so it's much harder to synchronize over long distances. Even in data centers it benefits from hop-by-hop participation from the routers involved.