Possible abuse from fetching the leap second file

Hal Murray hmurray at megapathdsl.net
Mon Aug 15 06:02:08 UTC 2016


esr at thyrsus.com said:
> While I accept this as a general principle, is there anything about the new
> ntpleapfetch that inflicts a heavier load than the old ntpleapfetch has been
> causing for decades with the tolerance of NIST and USNO? 

The old stuff has poor publicity.  None of the major distros/OSes come setup 
to run it from a cron job.  As long as you don't change that we won't have 
any problems.

The problem will happen if somebody improves our documentation enough so that 
somebody notices, and that seems reasonably likely.




> I will also note that the GPSD build process has actually been doing
> something very like ntpleapfetch (to get the current leap-second so it can
> be compiled into the build) for about a decade.  I didn't see it as a
> potential problem when I wrote it, and nobody associated with the targeted
> servers has ever complained to me. 

Two things: 

One, that only happens when building from source.  All the systems running 
gpsd as provided by their distro aren't doing that.

Two, it's not synchronized so that a zillion systems all try to do it 60 days 
before the file expires.


-- 
These are my opinions.  I hate spam.





More information about the devel mailing list