Possible abuse from fetching the leap second file

Eric S. Raymond esr at thyrsus.com
Mon Aug 15 12:37:14 UTC 2016


Hal Murray <hmurray at megapathdsl.net>:
> 
> esr at thyrsus.com said:
> > While I accept this as a general principle, is there anything about the new
> > ntpleapfetch that inflicts a heavier load than the old ntpleapfetch has been
> > causing for decades with the tolerance of NIST and USNO? 
> 
> The old stuff has poor publicity.  None of the major distros/OSes come set up 
> to run it from a cron job.  As long as you don't change that we won't have 
> any problems.
> 
> The problem will happen if somebody improves our documentation enough so that 
> somebody notices, and that seems reasonably likely.

I've thought about this some more, and now I am in doubt that the
general principle (don't use other people's resources without their
permission) applies here.  I think we need to apply what tort law
would call a reasonable-person test.

Some kinds of public-facing offer of a resource clearly constitute an
implied invitation to download it as needed.  Consider, for example, a web page.

I think the NIST/IERS public offer of an authoritative leap-second resource
constitutes the same sort of invitation.  If you disagree, ask yourself
if your evaluation would change if that data were in HTML and accessed
through port 80, or accessed by anonymous FTP. Surely the mechanics
of how it's downloaded are irrelevant to the ethics of the situation!

That said, I think we do have a duty in this case, which is to implement some
load-spreading so that the process doesn't hit those servers harder than it has
to.  A random delay on the fetch would be polite.
-- 
		Eric S. Raymond <http://www.catb.org/~esr/>

