Profile cover photo
Profile photo
Mark Atwood
Mark's posts

Having "login with... (Google, Facebook, Twitter, LinkedIN, Live, Office365, Github, SAML)" and then forcing me to create a new password anyway, and asking me to fill in a profile that can be populated from that login method, is missing the point.

I'm look at you right now,

Post has shared content
The NTPsec Project is pleased to announce the release of version 0.9.7.

The code size has been further reduced, to 60KLOC.

A shell script, buildprep, has been added to the top level source directory. It prepares your system for an NTPsec source build by installing all required dependencies on the build host.

Extra digits of precision are now output in numerous places. The driftfile now output 6 digits past the decimal point instead of 3. The stats files now output 9 digits past the decimal point instead of 6 for some fields. ntpq and ntpmon also report extra digits of precision in multiple places. These changes may break simple parsing scripts.

Four contrib programs: cpu-temp-log; smartctl-temp-log, temper-temp-log, and zone-temp-log; have been combined into the new program ntplogtemp. The new program allows for easy logging of system temperatures and is installed by default.

The SHM refclock no longer limits the value of SHM time by default. This allows SHM to work on systems with no RTC by default.

The following CVEs revealed by a Mozilla penetration test and reported in CERT VU#325339 have been resolved:

CVE-2017-6464: Denial of Service via Malformed Config
CVE-2017-6463: Authenticated DoS via Malicious Config Option
CVE-2017-6458: Potential Overflows in ctl_put() functions
CVE-2017-6451: Improper use of snprintf() in mx4200_send()

The following CVEs, announced simultaneously, affected NTP Classic but not NTPsec, because we had already removed the attack surface:

CVE-2017-6462: Buffer Overflow in DPTS Clock
CVE-2017-6455: Privileged execution of User Library code
CVE-2017-6452: Stack Buffer Overflow from Command Line
CVE-2017-6459: Data Structure terminated insufficiently
CVE-2017-6460: Buffer Overflow in ntpq when fetching reslist

We gratefully acknowledge the work of of Dr.-Ing. Mario Hederich at Cure53 in detecting these problems and his cooperation in resolving them.

As always, you can download the release tarballs with sums and signatures from and can clone the git repo from

The GPG signatures for the tarball, sum file, and signed git tag can be checked with GPG key 0x05D9B371477C7528

I've never had a Dilbertesqe "pointy haired boss". I've never had a bad manager. Not even when I had teenager scutwork labor jobs.

I have encountered them, true, and dealt with the damage they do, from multiple levels above me, and in management chains next to mine, and in other companies and orgs. But I've never personally had to suffer under one.

There is an old joke about the programmer who gets stuck in the shower, because they read and follow the instructions printed on the bottle of shampoo: "lather, rinse, repeat", and because there is no exit condition, they stay in the shower forever, washing their hair. (Or until an exception gets thrown, when either the hot water runs out, the shampoo runs out, or the person's biology raises a critical exception, breaking the loop).

This joke completely misses the point of what programmers do.

Programmers are not computers. Programmers, or at least competent ones, instead emulate computers in their heads, with a timeless gnostic oversight of that emulation, looking for problems just like that one.

The actual real job and purpose of a programmer is to look at poorly specified piles of policy and requirements, written by other people who appear to be congenially unable to actually think things through, and then notice mistakes like "there is no exit condition", and either fix it in implementation, or go back and force the policy makers and requirements sources to fix the mistake before it gets implemented.

This, this, is why most good programmers tend to get politically and socially weird, and why most good programmers have a violent aversion to the jobsworth excuse when someone in a position of responsibility or authority tries to excuse doing something terrible with "that's the policy".

(And will get doubly enraged when obviously the person making the excuse is transparently hypocritical about it, and is obviously instead implementing an even worse unwritten policy that they know would not be tolerated if it was written down and admitted to.)

Post has attachment
I finally got around to listing for sale on etsy the stash of Navisys 701W GPS/GLONASS receivers I have on hand, after my stash of 601W's sold out.

These receivers are pretty cool, because they are USB, so you can plug them into just about any computer, yet they strobe the 1 pulse per second signal out the simulated DCD line. That makes them unique from all the other cheaper USB GPS pucks on the market.

Even with USB jitter, that PPS strobe is good enough to turn any random PC into a NTP Stratum-1 time server.

They Just Work with the open source GPSD project.

Or you could plug one into a Windows box, and Windows Location Sensor Support should just start working.

There were, in fact, some good things about Zack Snyder's portrayal of the Superman myth.

Specifically, the glimpses of Kryptonian personality, culture, and society, add something really useful and illuminating to the myth of the character.

Kryptonians by that point were designed, molded, and trained, for their role in their ancient and functional society.
The members of the Planetary Counsel could only conceive of political and law-enforcement ways to understand and deal with the problem.
Dru-Zod could only conceive of military ways to understand and deal with the problem.
Lara Lor-Van only knew of records of the past to understand and deal with the problem.
Even Jor-El could only conceive of scientific and technological ways to understand and deal with the problem. It was only by sheer luck and accident that he found a solution at all, and his solution was extraordinarily constrained.

With the tools and wealth available to them, there was an obvious way to save their culture and their population, but they were completely trapped by their own culture.

Which is a good thing, narratively. A galaxy full of a billion Kryptonians is a Lovecraftian horror. One single Kryptonian is a Lovecraftian horror, in even a slightly more realistic setting.

Swell. YET ANOTHER corporate chat system:

My rant about how idiotic it is to tightly couple something's UI with it's network protocol with it's API with it's data model with it's implementation gets more and more true every passing week.

Yesterday, in an ongoing facebook messenger chat I have with a friend of mine, FBM inserted a message what was very obviously from neither of us, and was meant to be read by somebody else, and was pretty personal to those people.

Mis-delivery of messages is something that should not be that hard for a chat system to not do, but it's apparently too much for FBM to manage. Do not use FBM for anything really important.

Lisp was not invented. It was discovered.

I am slowly gearing up to make the argument that NTPv5 (and probably also UNIX epoch time) should use TAI, not UTC. Leap seconds are a mere local presentation level issue, like timezones, and should be handed in a similar way, with an out-of-band delivered lookup and correction table to be used by the presentation and display layer.

If any computer system really actually MUST be sync'ed to this one planet's rotational and orbital deviations, it's not going to use UTC anyway (which can be up to 0.5 seconds or 230 meters off true), but will be getting it's own source of sidereal and synodic corrections.
Wait while more posts are being loaded