SINGLESOCK - How much to strip away?

Eric S. Raymond esr at
Sat Jun 2 19:08:52 UTC 2018

Gary E. Miller via devel <devel at>:
> Yo Eric!
> On Sat, 2 Jun 2018 10:27:05 -0400
> "Eric S. Raymond via devel" <devel at> wrote:
> > Hal Murray via devel <devel at>:
> > > One interesting case is the home user.  Roughly, they don't have
> > > sysadmins and they only have one interface.  (Laptops might have
> > > both WiFi and Ether, but I'll bet somebody turns off WiFi if the
> > > Ether gets plugged in.)  
> > 
> > For them, just defaulting to listen on the wildcard address is OK.
> > I think.  Am I missing something?
> Yes.  For example, imagine you are serving leap smeared time on yout
> ntpd.  You do not want it leaking on the internet.  So instead you lock
> your ntpd to serve just your inside interface, and your internal IPs.
> The easy way to server your internal IPs is to assign your ntpd to your
> internal non-routed local private IPv4 numbers.
> You may say that can be duplicate in your firewall settings.  But maybe
> you want to run two ntpd, one leap smeared, one normal.  And you want to
> put one on one interface/address, and the other on another interface/address.
> Both quite common configurations.

For a home user????

I think we're failing to distinguish some cases here.

Mark, would you explain how you think an admin would handle such a scenario
under Case OMEGA? I certainly don't have a clue. 
		<a href="">Eric S. Raymond</a>

My work is funded by the Internet Civil Engineering Institute:
Please visit their site and donate: the civilization you save might be your own.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the devel mailing list