Wildcard-socket simplification hits a wall
Gary E. Miller
gem at rellim.com
Fri Mar 31 20:42:10 UTC 2017
Yo Mark!
On Fri, 31 Mar 2017 20:06:32 +0000
Mark Atwood <fallenpegasus at gmail.com> wrote:
> I'm inclined to say drop the feature.
Me too, but only as a me too. Don't blame me!
> Yes defense in depth is good, but I think it doesn't really count in
> this case. If a network admin is defending their NTP in depth, they
> will do it in (in order), the local kernel table, the local switch,
> the ingress switch, on the ISP side on the other side of the link to
> the ingress switch, and in their ISP's connection to their transit
> providers.
Now you are thinking big boy toys, a lot of small guys run ntpd. Think
of Hal running a single instance in a VM for the pool.
But then, Hal would not be using this feature...
> The feature also feels very "brittle" to me, from an admin POV. How
> many netadmins are going to remember to update the setting when they
> change anything about the local interface topology, or in the local
> hypervisor or container topology.
Yeah, I've been bitten by that. Especially when Gentoo changed ethernet
interface names a while back.
> And yes, can someone Not Me ask on the NTP list?
I just asked on questions at ntp.org. Did not seem like a hackers at ntp.org
thing.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
gem at rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin