[ntp:questions] Due diligence

Christopher Browne cbbrowne at acm.org
Mon May 2 01:10:43 UTC 2005

After takin a swig o' Arrakan spice grog, Brad Knowles <brad at stop.mail-abuse.org> belched out:
> At 8:18 AM -0700 2005-05-01, Lee Sailer wrote:
>>  As I am sure that you all know, there is a legal concept of "due
>>  diligence".  More or less, this means that you are trying to do things
>>  right, even if you are not doing things perfectly.  (I am not a lawyer.
>>   No flames, please.)
> 	My wife is a lawyer.  I am familiar with the concept.
>>  HP-UX ships with version 3.5f of xntpd (I think). For those NTP buffs
>>  out there, do you think the use of this old version is good enough to
>>  show due diligence?  My company supplies financial services (not time
>>  services) to customers world-wide.  We use NTP internally to keep our
>>  hosts in sync.
> 	I think a lot depends on the type of services and how
> time-sensitive your services are.  For example, a local accountant who
> handled the taxes for private individuals would probably not need a
> great deal of accuracy in their system clock.  However, an Investment
> bank with whole rooms full of Wall Street stock traders, would have
> much higher requirements for clock accuracy.  Both firms provide
> "financial services", the issue is what kind of services, how much
> money is being handled, and how much does a single second of downtime
> cost you?

There is another issue on the flip side, on the 'side of security.'

xntp has known exploits, and is no longer being actively maintained.

There is a good argument for that implying that using it represents
something of a security danger...
