Login upgrade deployed

Apr 23, 2016

The new login system that was tested on the beta site has been enabled on the production site. The login system is now using Auth0 to add more login options than yet another username and password. If you have a Github, Google, Microsoft or other supported account you can use that to login. If you are one of the many existing users, you have to create a “new account” (sign up again) with the email address you previously used to login to your account.

Continue Reading →

New login system

Jan 4, 2016

This week we’re testing using Auth0 to login on the beta site. This will hopefully make the user account management much easier for everyone.

The beta site is a full installation of the system running with a separate database that gets new code before the regular site.

Continue Reading →

Important ntpd vulnerability, please upgrade

Dec 22, 2014

As you might have seen a few days ago several potentially critical security vulnerabilities in all versions of ntpd were announced.

Most OS’es have released back-ported fixes. Depending on your specific ntp and network configuration you might not be exposed, but the easiest way to make sure your systems aren’t vulnerable is to apply the software updates and make sure ntpd has restarted on the fixed version.

Alternatively you can read the announcement page linked above carefully and make configuration changes to mitigate the issues.

If you have built ntpd from source, the easiest fix is to update to 4.2.8. If you have trouble building that version, there’s a “4.2.8p1-beta1” version available now from support.ntp.org as well with some fixes.

If you aren’t already subscribed then you might be interested in subscribing to the NTP Pool discussion mailing list. For general discussion of NTP there’s the comp.protocols.time.ntp newsgroup.

Important configuration changes for NTP servers

Jan 12, 2014

If you are using the standard ntpd daemon to serve time to the public internet, it’s important that you make sure it is configured to not reply to “monlist” queries. Many routers and other equipment are included in this.

The configuration recommendations include the appropriate “restrict” lines to disallow any management queries to ntpd. Most Linux distributions will have an updated version by now that just disables the “monlist” queries, that will also solve the primary problem.

The NTP Support wiki has more information.

If you operate a network you can use the Open NTP Project to see if you have vulnerable devices on your network.

IPv6 monitoring problems for German servers

Jun 28, 2013

This week we had a period of weird behavior for the monitoring system for (mostly) German IPv6 servers.

After much back and forth on the mailing list and numerous debugging sessions we got this information from a network engineer at Hurricane Electric:

Continue Reading →

Brief outage for NTP Pool websites

May 17, 2013

The NTP Pool “backend systems” are moving racks at Phyber. To minimize the risk of things going wrong we’re doing it the old-fashioned simple way of turning everything off, moving it and turning it on again. It will mean about an hour where servers are not monitored and we can’t add new ones or access the www.pool.ntp.org site.

In the new rack there’ll be more power available so when the move is done we’ll have more capacity.

Server upgrades at ntppool.org

Apr 23, 2013

Over the last couple of months we had a couple of the “central servers” fail. It hasn’t caused any service outage for the NTP clients, but some of you might have noticed that the manage NTP Pool site has been sluggish at times.

A few months ago I bought a few new servers and sent them down to our friends at Phyber Communications who wired them up in their hosting facility. Over the last weeks I’ve added puppet declarations to configure them and since earlier this evening they’re in production for the web sites and a few other services.

Continue Reading →

DNS server in Go - Big NTP Pool upgrade

Oct 9, 2012

Over the last month the NTP Pool has gotten the biggest upgrade it has had in years. The changes has given us much more scalability and performance.

As you might know, the NTP Pool system is essentially a monitoring system and a smart DNS server. Server operators register their server in the system, the monitoring system checks and evaluates the submitted servers and the DNS server gives end-users a (hopefully) local selection of servers, weighted by preferences given by the server operator and other factors.

Last month there was a big change to the DNS server.

Continue Reading →