> 1 error prohibited this submission from being saved:
> Looks like you are not a human
Good to know.
How do you know the cash you are using is not "blood money"? Come on.
You know what else costs money? When someone wants to give you money, and you misidentify them as a bot and refuse their money.
For those who does not handle these things: I am not sure on what processor Network Time Foundation is using, but Stripe's $15 fee is actually on the low side of chargebacks (some processors even use the fixed fee + percentage model). Worse, this is unconditional: if you somehow won this, you won't get the chargeback fee.
have you heard about decentralization?
society is not civilization. local vs global.
I agree, and I am still pointing to the collapse of society, not civilization. My infrastructure is local. If local society collapses, what reason do people have to maintain transmission and distribution lines and electrical substations, to work at power plants, to maintain fiber optic or copper lines for internet connectivity?
Even if "the internet" as a whole is still around, the inability for someone to connect to and to use it means cryptocurrency is similarly useless.
(Edited to add: that was from Safari. Chrome worked. YMMV.)
Too bad that good projects mess their donations up by doing web BS.
The big companies who use NTP have their own pools and either use versions of different ntp implantations or their own internal ones.
All of these comments assuming cloud providers are using the reference NTP implementation and the public pools have no idea what they’re talking about.
And which NTP servers are those pools synchronized to?
It was like a vacation for our heads.
Not sure how, but a yearly "lockdown vacation" would be a Good Thing for our cities (IMNSHO).
Though they could fake it: take the current cleared total and add your amount for your display.
Are these goals monthly goals, with the counter being reset? The sites don’t make that clear.
I submitted a request for commercial use via their online form but never received a response.
NTP might not be able to generate AI cat videos full of hallucinations but it is a vital part of web infrastructure. The same can't be said about today's mega projects.
What I Mean:
Reference .gov atomic clock (not radium one) -> NTP -> ? -> ? -> satellite control station -> gps -> PTP
Hahaha
Is there any reason to believe that PTP would be better in normal networks?
There was a fork to clean up and secure the implementation: https://ntpsec.org and ideally they would combine forces.
Summarized here: https://lwn.net/Articles/713901
Even if it's not, ESR is involved so it's not serious.
But it seems that his nerding, taken by itself, is pretty solid. Is that not the case?
That’s not to say that his open source projects aren’t useful, only that there are thousands of other developers who’ve done work of similar scale and adoption.
Not really, see forex the reposurgeon nonsense. https://www.phoronix.com/news/GCC-Git-Not-Yet-Settled
I donated an amount but the bar didn't move and is at the same level($395) as before my donation
I’d like to see more projects do a breakdown of total yearly costs (including contributor compensation!), how much existing sponsorships from companies actually cover, and what number they’d need to operate properly (with full-time, paid contributors).
Of course the same thing happens in reverse (see recent python.org refusal to accept federal funding)
> Is it really necessary for a DEI policy being required to appear…?
So ignoring the, well, ignorance of the remainder of your statement, it’s worth pointing out that these entities already publish mission statements, community/contributor guidelines, and a raft of other documentation that governs how they intend to operate as a way of greasing the wheels of operations. Policies are the norm, not the exception, because they dictate the rules of engagement.
So yeah, I’m all for groups making clear what they do and do not find acceptable. Transparency is a good thing, be it in code (open source), accounting, policy, or governance. And if more groups opened up their books and laid bare their operations, it’d be easier to tie their outcomes to industrial and governmental bad actors (like AWS, Google, Microsoft, Apple, etc) that fail to substantially support these technologies, or demand favors or policy changes in exchange for basic funding.
Ideally? Orgs that use open source tech in their products ought to chip in a fixed percentage to ongoing support of that project. If an entity like AWS chipped in, say, 0.01% of revenue from every service that used NTP, then the NTP organization almost certainly wouldn’t require additional funding.
Let it fail and see what happens.
I’m too poor to have too much revenue that I need to donate some away to pay fewer taxes. That’s a problem corporations have.
Agreed. They call that 'open source' work (derogative)
I’m sick of having to pay for my own tools to do my job at your company. Either find a way to build using free tools or fork up the license for that Visual Studio Ultimate or IntelliJ Idea Ultimate license. Pay for your database vendor. Your corporate IdP. Why not $300/yr for a high value output employee?
You can choose your tool, you’ll get it.
That's actually decent. Too often you're stuck with whatever gear your shop uses - Bosch, Hilti, Makita are the most common power tools here in Germany. It makes sense for the penny pinchers who purchase on volume and get discounts, but chances are high it ends up pissing off the employees rather sooner than later.
But you absolutely shouldn't have to pay for your own tools. (That said, blue collar people often have to, unlike us, and that's also awful.) But also, it's their productivity. If you are all laboring under the same constraints, it's their choice to make if they care about your productivity.
Maybe building the world on open source software was not good idea
> Let it fail and see what happens.
It will get replaced by a proprietary protocol/paid service from each Azure, Cloudflare, Google, AWS, ...
The rest of us will be S.O.L.
They also don’t use the reference implementation (which is maintained by the group this donation is for). Your distros and software probably doesn’t use it either.
The commenter above who thinks shutting down the NTP Foundation will hurt FAANG because they “leech” off of NTP Foundation is completely uninformed.
Even if the NTP pool somehow died, all it takes to make your own Stratum 1 NTP service is a GPS chip. An old phone probably makes a great small-scale NTP server, or an ESP32 with a GPS chip attached. 20 years ago it would have required exotic parts, but they're mundane, cheap and omnipresent these days.
Donate some time: Ask your boss if their company could chip?
For example, OpenSSH. Used everywhere yet IBM gives a big fat 0 to that project even though OpenSSH is even used in AIX. Even though I love to complain about Microsoft, M/S does donate a decent amount to OpenSSH via OpenBSD, so M/S gets my respect for doing that.
Time companies like IBM steps up and give, if not, we are back to playing with CMOS date/time. Which is how things were when I started programing at a large company decades ago.
AWS already provides their own time service and it’s both public and free https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-ti...
https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-ti...
Another approach could be to move this under the umbrella of any of the other OSS foundations. I can imagine the Linux Foundation would be a good place. Well funded, already has most of the stakeholders involved, and this clearly falls in their scope of interest at least. It would not surprise me if that wasn't discussed at some point.
This smells a bit like something that might be more complicated than it looks.
> Trillion dollar companies depend leech on it
Are you confusing the NTP Foundation (the group asking for donations) with NTP the protocol or the NTP software itself?
This donation request isn’t even for the public NTP pool. Read the donation page carefully.
The big companies you’re angry at are neither dependent upon nor leeching from this group. They run their own NTP infrastructure, which in some cases has their own developments and adjustments.
Google’s, for example, uses time-smearing to handle leaps. This is different than the standard and therefore you shouldn’t mix Google’s leap-smearing NTP system with NTP servers that don’t leap smear.
> Let it fail and see what happens.
This is a real “cut off your nose to spite your face” moment, but worse: Those public companies don’t depend on any of this. They provide their own server pools and in some cases develop their own software with their own advancements. Cheering for the NTP Foundation to fail because you think it will hurt big companies is very uninformed.
Maybe letting Ntp fail will wake up some of the employees of other companies to the absolute sad state of the software world.
Big companies run their own NTP servers (which you can use for free) and do not use the reference implantation.
There is nothing to “fail” in this project which would cause big companies to have infrastructure problems.
The saddest state of the software world is that some people here have convinced themselves to cheer for this project to fail because they don’t understand that big companies do not depend on this project that is asking for donations.
> Google’s, for example, uses time-smearing to handle leaps. This is different than the standard and therefore you shouldn’t mix Google’s leap-smearing NTP system with NTP servers that don’t leap smear.
So we can use or not?
If we can then well good, then there will be no problem then if the funding fails.
The funding is not for the NTP servers or pools. Please read the actual page and all of the comments trying to explain that the HN title is a lie. NTP will not “go down” if this project fails.
You can use Google or Amazon’s NTP servers if you’d like. Just be aware of how they represent leap seconds differently.
Something like money to the endowment from the big corp, then would be recipients petition the endowment for ongoing funding, some board decides based on a set of open protocols...
Because honestly I've seen this a bit recently - major infrastructure projects looking for effectively pocket change; a couple thousand.
They shouldn't ever have to beg for money, this is stupid.
and still, I'd never put it past them to figure out something that I haven't.
I reflexively donate a little to things like this and I think everyone else should to.
Why bother? Many of the rabbit holes one could venture down in learning to set up a stable time server can also benefit application servers in terms of latency, responsiveness, learning how to get clients to share resources and so much more. Rather than trying to find cooperative stratum-1 servers, one can start by using each of the Google, Facebook and Apple public stratum-1 servers [2] to get started. They get beat up a lot but most of them are stable most of the time.
Ask your favorite LLM how to set up a public NTP server using NTPD or Chrony. For extra credit play with each of them.
[1] - https://www.ntppool.org/en/join.html
[2] - # grep -E "facebo|goog|appl" /etc/hosts
17.253.16.253 time.apple.com
129.134.28.123 time1.facebook.com
129.134.29.123 time2.facebook.com
129.134.25.123 time3.facebook.com
129.134.26.123 time4.facebook.com
129.134.27.123 time5.facebook.com
216.239.35.0 time1.google.com
216.239.35.4 time2.google.com
216.239.35.8 time3.google.com
216.239.35.12 time4.google.comReally drives home one of my favourite half-jokes: every sensor is a temperature sensor; some of them measure other things too.
Firstly, the most important reason the ntp.org domain name is so well known is because of the NTP pool, which is an entirely separate project (the Network Time Foundation calls it an associated project), which was allowed to use the `pool.ntp.org` domain name, but does not directly receive significant funding from the Network Time Foundation as far as I understand (I do not know the details of the domain name arrangement). That pool project was developed independently of the Network Time Foundation and is run by a different group of volunteers, mostly being developed and maintained by Ask Bjørn Hansen and hosting servers entirely consisting of (sometimes professional) volunteer operators. This is what many NTP implementations, specifically many Linux distributions, use as their standard source of time. But it does not appear to depend much on the Network Time Foundation for continued existence.
Secondly, despite all the claims made on the Network Time Foundation site, the IETF took over development and maintenance of the NTP protocol for something like two decades now already under the NTP working group. This was all done with the Network Time Foundation fully agreeing this was the way forward. But for some reason they still consider themselves exempted from any process that the IETF uses and consider themselves as the true developers of the protocol. They constantly frustrate the processes that the IETF uses, claiming that they should receive special treatment as being the 'reference implementation'. Meanwhile, the IETF NTP WG does not have a concept of the reference implementation at all, instead considering all NTP implementations equal.
Aside from this frustrating stance, the Network Time Foundation also didn't do much work on trying to forward the standard at all, instead relying on the status quo from the late 90s and early 2000s. Meanwhile the IETF NTP WG worked on standardizing a way to secure NTP traffic (with regular NTP traffic being relatively easy to man in the middle, with older implementations even being so predictable that faking responses didn't even need reading the requests). That much more secure standard, NTS, was fully standardized in September of 2020, but the Network Time Foundation continues to not implement this standard. All of this has resulted in almost every Linux distribution that I know of replacing their ntpd implementation with NTPsec (with ntpd not even being available as an alternative anymore for installation).
Meanwhile people also started working on NTPv5, in order to remove some of the unsafe and badly defined parts of the standard, and in general bring the spec back up to date. As part of this process, it was decided some time ago that in contrast to the previous NTP standards, the algorithms specifying what a client should do in order to synchronize the time should be removed from the standard (the algorithms specified in the previous standards were not being used by any implementation, not even the ntpd implementation by the Network Time Foundation itself). NTPv5 instead focuses on the wire format of NTP packets and the simple interactions between parties. Yet despite there having been a consensus call on this, and despite no current implementation following the exact algorithm as specified in NTPv4, the Network Time Foundation continues to frustrate the process by claiming that these algorithms are an essential part of the standard.
All of this frustration was also a large part of why the PTP protocol was eventually developed at the IEEE. That is to say: even though the operating mode of PTP is often quite different to that of NTP these days, the information that needs to be transferred is essentially the same, and the packets could have trivially been defined to be the same as long as NTP had built in a little bit of additional flexibility a little bit earlier. This would have also helped NTP in the end (with for example hardware timestamping only being implemented for PTP right now, even though it could have been just as useful in NTP), and with PTP now also aiming to introduce a simpler client-server model via CSPTP that looks a whole lot like what NTP was trying to achieve all this time with its most used operating mode.
It is my belief that the Network Time Foundation continues to push themselves in a corner of more and more irrelevance even though that did not need to be. The historical significance of David Mills' ntpd implementation is definitely there, and we should applaud the initial efforts and their focus on keeping the protocol open and widely available. And I do believe that the current people at the Network Time Foundation could still provide more than enough valuable input in the standardization process, but they cannot claim anymore to be the sole developers of the NTP protocol. Times have changed, there are now multiple implementations with an equally valid claim. Especially with GNSS (specifically GPS) being under attack more and more these days, we need alternative ways of synchronizing computer clocks to a standard time in a secure way. NTP and NTS are perfectly positioned to take on that task and we need to make sure that we keep the standard up to date for our evolving world.
Edit: if you want something else to donate to, I would consider donating to the IETF, NTPsec, or maybe donating some time to the NTP pool. I would also link to donations for Chrony (one of the other major NTP server implementations) but they do not appear to offer anything. Linking to my own project's donation page does not seem fair considering the contents of this post.
All of the angry comments from people who think NTP will stop working if the donation bar doesn’t get to $1000 are misinformed. Also note that the bar isn’t updating. It’s been stuck at $365 for myself and others despite donations coming in.
The goal has now mysteriously changed to a goal of $4000.
Great look, guys. You're fooling... somebody, apparently.
>$4,560 of $8,000 raised
They support billions of devices and are only asking for $4,000 in donations per year.
And yes, they're separate from the NTP Pool Project, which runs the actual servers, but the Network Time Foundation supports the software that billions of devices run on.
It's so easy to run your own NTP server. You can set up a pretty decent one using GPS PPS for like $200. My home ntp server is good for +/- 1us if you believe its ntpq stats...
This isn't like DNS. Everyone can run their own local NTP and that's fine. The only true shared infrastructure is the GPS constellation.
[1] https://floss.fund/projects/2025/
[2] https://floss.fund/blog/second-tranche-2025-anniversary/#wha...
[0]: https://web.archive.org/web/20251112110436/https://www.ntp.o...
mhovd•2mo ago
philipwhiuk•2mo ago
junon•2mo ago
saikia81•2mo ago
philipwhiuk•2mo ago
Research is put front and centre in their pitch for funding.
ptero•2mo ago
And given that ntp.org runs servers that so many organizations use they should be near the top of the funding queue for any NTP research. My 2c.
willis936•2mo ago
iamkonstantin•2mo ago
freeopinion•2mo ago
NetMageSCW•2mo ago
jrmg•2mo ago
I too would be interested in knowing what the Network Time Foundation is researching, and I think conversation about that is appropriate here. NTP certainly _seems_ like it’s been ‘good enough’ for decades to an uninformed observer, and discussing if and why it’s not would be interesting (and perhaps motivate donations!)
arccy•2mo ago
simoncion•2mo ago
Really? The sentence at the top of the Donate page seems pretty clear to me:
> Your donation helps Network Time Foundation maintain the NTP website and provide resources and support to NTP developers.
Is it unclear to you?
tdeck•2mo ago
https://gist.github.com/mutin-sa/eea1c396b1e610a2da1e5550d94...
But..it's $1k. This is basically pocket change on an institutional level. I've been part of some very scrappy and poorly funded community organizations and even they took in more than $1k every year. Even if you don't believe NTP maintainers should be paid anything for their work (an opinion I don't hold), it's trivial to spend this amount on modest everyday expenses like renting a venue a couple of times, buying insurance, and paying for hosting and technical resources.
EDIT: Here is their 2024 tax return
https://www.nwtime.org/about/documents/2024_NTF_IRS_990.pdf
It looks like they took in more than $200k and spent $100k on "contract services" (I can't tell what that means) and somewhat modest amounts on other things. Unfortunately I need to exit the rabbit hole now.
simoncion•2mo ago
How much more clear can they reasonably be?
It seems a big waste of effort to maintain -say- a damnable Trello board with upcoming priorities and roadmaps <strike>and Kickstarter stretch goals</strike> when their bug tracker and mailing list are visible to the public. (Though, it seems that they've recently put the list behind some broken moderation software, so you have to go to -say- the IETF's archive of the thing to read it. "AI" crawlers ruin everything.)
EDIT: Do note that that tax return you found is for the Network Time Foundation, not the NTP Project. I don't know if the two are separate entities for tax purposes, but do note that the NTF supports several projects, of which the NTP Project is one. The NTP Project is just for NTP.
bawolff•2mo ago
I can't imagine its much more than that if we are talking about such a small sum.
gastonmorixe•2mo ago
arccy•2mo ago
and $1000 seems at the same time to be quite a bit of money, but also too little to be for funding people long term.
GuB-42•2mo ago
Thankfully, that's also on the front page:
What they are doing:
> The NTP Project produces an open source Reference Implementation of the NTP standard, maintains the implementation Documentation, and develops the protocol and algorithmic standard that is used to communicate time between systems
And why it matters:
> NTP is what ensures the reliability of billions of devices around the world, under the sea, and even in space
Now, it doesn't explain why a reference implementation is a good thing, but I think that at this point, you have a good enough idea to decide if you want to donate or not.
Edit: However, $1000 seems too low to matter. It may not even pay for the expense of the fundraising itself. I think it is more of an awareness campaign: "look at the protocol we all use, you would think we are talking many millions of dollars, but the truth is, you are off by orders of magnitude"
simoncion•2mo ago
But yeah, critical infrastructure usually goes criminally underfunded.
NetMageSCW•2mo ago
simoncion•2mo ago
Relatedly: surely you're not of the opinion that the various GPS constellations are not critical infrastructure?
[0] <https://www.nist.gov/pml/time-and-frequency-division/time-se...>
SAI_Peregrinus•2mo ago
simoncion•2mo ago
littlestymaar•2mo ago
aembleton•2mo ago
shaky-carrousel•2mo ago
ralferoo•2mo ago
Aurornis•2mo ago
You can use the public Google or AWS pools if you want. Note that they have their own software, too, so be sure you understand the differences like leap smearing.
Blocking FAANG IPs from the NTP Foundation’s pools wouldn’t hurt FAANG at all. It would only hurt people who weren’t aware and used the NTP Foundation’s pool for things.
xigoi•2mo ago
alex1138•2mo ago
jahnu•2mo ago
Listen to my last prayer
Hi-ho-silver-o
Deliver me from nowhere
nickelpro•2mo ago
Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.
mananaysiempre•2mo ago
... shouldn’t be using a Unix timestamp, or anything else that’s not a count of SI seconds elapsed since a fixed reference point, to begin with.
bobmcnamara•2mo ago
mananaysiempre•2mo ago
[1] https://people.csail.mit.edu/rachit/post/you-have-built-a-co..., https://news.ycombinator.com/item?id=29891428
bobmcnamara•2mo ago
...rather than setting a rather awful minimum performance spec of 10ppm smearing over a leap second day.
Three lies: Universal - multiple smear implementations, linear vs cosine off the top of my head.
Coordinated - whose in charge here? Google? Facebook?
Time - doesn't even try for 1s/s
UTC is, for all intents and purposes, yet another human readable time zone. And should be treated as such. The underlying hardware problems I have and understand. Don't need the software making it worse.
tptacek•2mo ago
exasperaited•2mo ago
tptacek•2mo ago
chocalot•2mo ago
I am vaguely aware he has some unpopular political beliefs (though exactly what I don't know). Is that it?
akerl_•2mo ago
Oh, also he doesn't really "contribute" to tech projects so much as "exists near/within them and writes long form ramblings".
chocalot•2mo ago
If he just "exists near", I see even less of a case why someone should avoid it.
But horses for courses, people can choose to avoid for whatever reason.
tptacek•2mo ago
exasperaited•2mo ago
It is not even his beliefs, though many of them are — to my ears and hopefully to most — quite repugnant.
It is his attitude, approach, and at various times the kinds of people he attracts.
As it goes, I've seen him speak, back in the 90s, CatB era. He was genial enough but he seemed to have a coterie around him of rather less pleasant people. It could just have been a bad day but it has stuck in my mind ever since: it was the first time I understood that there's not really any sort of inclsive geek community.
WesolyKubeczek•2mo ago
mlichvar•2mo ago
ntpsec as a project seems to be doing ok. They are releasing new versions, fix reported issues, accept patches, and develop the code publicly. While ntp still has a huge list of acknowledged but unfixed CVEs.
Palomides•2mo ago
tptacek•2mo ago
mlichvar•2mo ago
akerl_•2mo ago
throw0101d•2mo ago
It should be noted that there currently exists no standard, technical or statutory, for how to do leap smearing. If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.
A few years ago there was a draft on the idea:
* https://datatracker.ietf.org/doc/draft-stenn-ntp-leap-smear-...
And the currently-draft NTPv5 has something about:
* https://datatracker.ietf.org/doc/draft-ietf-ntp-ntpv5/
Though the flag simply says that the timescale is smeared and not (AFAICT) how it is being done.
See also perhaps RFC 8633 § 2.7.1:
* https://datatracker.ietf.org/doc/rfc8633/colechristensen•2mo ago
TAI (Temps Atomique International), is UTC without leap seconds and is the source of truth for "what time is it"
I'm finding conflicting reports of being able to actually use TAI on linux but there are several claims of at least specialty setups existing. You would absolutely not want smearing or anything like that in your time synchronization software in this case.
nubinetwork•2mo ago
NetMageSCW•2mo ago