by moe 4110 days ago
> Some fields are so complicated that you need superheroes

> If there's a vulnerability it affects the entire world

> Who is going to build it? You still need the superhero.

Hyperbole much?

If it really was so dire then that would be all the more reason to not rely on a single "superhero" who may get run over by a bus tomorrow.

Gladly NTP is not the mythical voodoo rocket science that you make it out to be. Most large corps run their own NTP servers, some of them public, e.g.:

    time1.google.com
    time2.google.com
    time3.google.com
    time4.google.com

You can also ask your friendly government for the time: http://tf.nist.gov/tf-cgi/servers.cgi

The official NTPd impl doesn't even have a very good reputation (cf. the recent debate about that security vulnerability).

As I see it someone like Google should indeed just hire the guy and take pool.ntp.org under their wing. Throwing even more money at a single guy doesn't convince me as a good way to improve the situation here.

PS: And I don't mind him being paid well at all. I'm very much in favor of important OSS projects getting sponsored and rewarded. But if $7k/mo are not enough to maintain a package that others have re-implemented for free (openntpd etc.) then something seems seriously wrong.

4 comments

> If it really was so dire then that would be all the more reason to not rely on a single "superhero" who may get run over by a bus tomorrow.

Which is why he has for a couple of years tried to get corporate sponsors for a foundation to hire more people to work on it, but even that has been met largely with apathy.

> But if $7k/mo are not enough to maintain a package that others have re-implemented for free (openntpd etc.) then something seems seriously wrong.

If you think that's all he does, then you don't understand what he's doing.

You also seem to have missed that $7k also covers all his costs, including hardware replacements and hosting for parts of the servers.

> Most large corps run their own NTP servers, some of them public, e.g.:

Doesn't fix the problem. They have to sync to something, someone's gotta maintain the connection to actual atomic clocks. Something has to secure that connection. Someone has to maintain that something. You're severely underestimating the scope of the problem.

> As I see it someone like Google should indeed just hire the guy and take pool.ntp.org under their wing.

They should, but they probably won't, though they might as a result of this article. That would make protecting the world Google's responsibility and it doesn't make good corporate sense to do that. Google would have to find a real reason to throw $X0 million a year at this. The estimate given by Father Time was $4 million a year, that will only make sense if he builds it himself. If Google does it it will cost a lot more.

This is a resource allocation problem, one traditionally solved by governments. Nobody wants the government to do this, so we have to find some innovative way to fund critical technology projects.

> They have to sync to something

As I understand it, they usually sync to GPS?

You can buy those boxes on Amazon[1], starting at around $299.

> Google would have to find a real reason to throw $X0 million a year at this

$X0 million?!

To construct and run their own atomic clock, or what would they spend so much money on?

I may indeed be completely missing what this guy does. He runs an actual atomic clock in that rack, like the one from NIST[2]?

[1] http://www.amazon.com/TM1000A-GPS-Network-Time-Server/dp/B00...

[2] http://en.wikipedia.org/wiki/NIST-F1

The server you are showing is a stratum 1 time source intended for LAN use. It's not at all a given (and arguably not likely) that it would be suitable for exposing directly on the public internet to handle high traffic volumes. If not, then that means putting an ntpd in front of it, talking to it over the LAN, in which case you no longer have a stratum 1 time source available publicly.

If everyone had boxes like this, then yes, great, we'd not need reliable publicly accessible stratum 1 servers. But most people don't.

> If everyone had boxes like this, then yes, great, we'd not need reliable publicly accessible stratum 1 servers. But most people don't.

Um. We have "reliable publicly accessible stratum 1 servers".

Regardless of what happens with the NTPd software, Google will probably continue to provide time1-4.google.com.

NIST will not shut down their timeservers.

And the 3654 servers in pool.ntp.org[1] (which seems to be maintained by a different guy) also won't just disappear overnight, though I'm not sure if these are Stratum 1 (probably not).

I still don't understand what exactly this guy is doing that should cost more than the $7k/mo that he's getting, much less the "$X0 million a year" that vinceguidry wants to allocate to the task.

[1] http://www.pool.ntp.org/zone

Reading the NTP wiki page leads me to believe he's maintaining several reference clocks that can be used if you have no atomic clocks of your own. I would guess that he has to maintain servers with different implementations of the time algorithms so he can test new code against them. He needs to be able to simulate network configurations so he can reproduce issues.

> Gladly NTP is not the mythical voodoo rocket science that you make it out to be.

Neither is DNS, but running the root DNS infrastructure (which serves hundreds of millions of users) is a wee bit more complicated than hosting forward lookup zones or even a public caching resolver on a handful of corporate nameservers. So too with the stratum-1 and stratum-2 NTP servers that serve as national or regional standards. They are not simple bits of kit that one throws together and shoves onto the public Internet, especially when they are ultimately used by just about every modern Internet-connected computer out there. That this guy's doing not only all of the software/release engineering but also operating some critical time servers for USD 84000 per year is too good of a deal to be true---and that he's running through his personal savings to finance the NTP project is just shameful on the IT community's (our) part.

OpenNTPD, chrony, etc., do not have all of the functionality of ntpd.