<div dir="ltr"><div><div><div>While I like choice #2 for friendliness, I have to agree re not to hardwire the pool name without external consent. <br><br></div>Code in choice #1, and if it's easy to do, with a big loud warning to stderr and logerr that it's doing nothing. <br><br></div>Supply a reference config file that implements #2<br><br></div><div>..m<br></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, Sep 20, 2017 at 10:35 AM Achim Gratz via devel &lt;<a href="mailto:devel@ntpsec.org">devel@ntpsec.org</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Eric S. Raymond via devel writes:<br>
> There are three obvious ways to address this.<br>
><br>
> 1. The infosec-focused way. Change the default restrictions to be<br>
> "allow nothing." This way, if you bring it up with no config, there's<br>
> no harm. It just spins inaccessibly.<br>
<br>
If it does that without complaining loudly enough some folks might think<br>
it's actually doing something and act surprised when it doesn't.<br>
<br>
> 2. User-friendly way. Bring it up with these permissions:<br>
><br>
> restrict default kod limited nomodify nopeer noquery<br>
> restrict -6 default kod limited nomodify nopeer noquery<br>
> restrict 127.0.0.1<br>
> restrict -6 ::1<br>
<br>
Stop it here. No pool (I think hardwiring pool names without consent of<br>
the pool administrators is a no-no). Also, no drift file. You might<br>
want to add "noserve notrust" to the last two statements.<br>
<br>
> pool <a href="http://pool.ntp.org" rel="noreferrer" target="_blank">pool.ntp.org</a> iburst<br>
> driftfile /var/lib/ntp/ntp.drift<br>
><br>
> That is, the behavior 99.9% of all installations want.<br>
><br>
> 3. Leave current behavior alone.<br>
<br>
The current behaviour was addressing a different target audience, so I<br>
see no reason to keep it when we are targeting a different population.<br>
<br>
<br>
Regards,<br>
Achim.<br>
--<br>
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+<br>
<br>
Factory and User Sound Singles for Waldorf rackAttack:<br>
<a href="http://Synth.Stromeko.net/Downloads.html#WaldorfSounds" rel="noreferrer" target="_blank">http://Synth.Stromeko.net/Downloads.html#WaldorfSounds</a><br>
<br>
</blockquote></div><div dir="ltr">-- <br></div><div class="gmail_signature" data-smartmail="gmail_signature"><p dir="ltr">Mark Atwood<br>
<a href="http://about.me/markatwood">http://about.me/markatwood</a><br>
+1-206-604-2198 Mobile & Signal</p>
</div>
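
The restrict defaults discussed in this thread, as an added example that is not part of the original messages or of NTPsec's code: a small Python check of an ntp.conf text against the choice #2 flag set, reporting on stderr. Treating `ignore` as the "allow nothing" default of choice #1, counting an unqualified `restrict default` as IPv4, and the sample config are assumptions made here.

```python
import sys

# Flags that choice #2 in the thread puts on both default restrict lines.
BASELINE = {"kod", "limited", "nomodify", "nopeer", "noquery"}

def audit(conf_text):
    """Return findings for an ntp.conf-style text (empty list = matches choice #2)."""
    defaults = {"ipv4": None, "ipv6": None}
    has_source = False
    for raw in conf_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "restrict":
            args = words[1:]
            # Assumption: an unqualified line counts as IPv4, as the quoted
            # config pairs each one with a separate "-6" line.
            family = "ipv6" if args[:1] == ["-6"] else "ipv4"
            if args[:1] in (["-4"], ["-6"]):
                args = args[1:]
            if args[:1] == ["default"]:
                defaults[family] = set(args[1:])
        elif words[0] in ("pool", "server"):  # simplification: refclocks not handled
            has_source = True
    findings = []
    for family, flags in defaults.items():
        if flags is None:
            findings.append(f"{family}: no 'restrict default' line")
        elif "ignore" in flags:  # assumption: choice #1 expressed as 'ignore'
            findings.append(f"{family}: default is 'ignore', nothing is served")
        elif BASELINE - flags:
            findings.append(f"{family}: missing {' '.join(sorted(BASELINE - flags))}")
    if not has_source:
        findings.append("no pool or server line: nothing to synchronize to")
    return findings

# Constructed sample: the restrict lines quoted in the thread, without the pool line.
NO_POOL = """\
restrict default kod limited nomodify nopeer noquery
restrict -6 default kod limited nomodify nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""

if __name__ == "__main__":
    for finding in audit(NO_POOL):
        print("WARNING:", finding, file=sys.stderr)  # loud, on stderr
```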