Tom Hornberger on 12 Sep 2016 06:52:39 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Possible talk on NTPsec?

I'd like to hear about it.  PLUG West conveniently lacks a scheduled topic on the19th! :)


-----Original Message-----
From: Eric S. Raymond <>
To: plug <>
Sent: Mon, Sep 12, 2016 9:48 am
Subject: [PLUG] Possible talk on NTPsec?

It's been many years since I gave a PLUG talk. Now I have a topic I'd
like to raise awareness of.

I've spent the last 18 months leading a project called NTPsec, a
massive cleanup and refactoring of the Internet time-service daemon
code intended among other things to seriously improve security; the
reference implementation we forked from is notoriously vulnerable to use
as a DDoS amplifier.

The story of NTPsec has some useful lessons about writing
low-defect-rate code, reduction of attack surface as a security
strategy, and the underappreciated impact of Unix API standardization.

The project is at
<a href=""" target="_blank">">Eric S. Raymond</a>

Fantastic doctrines (like Christianity or Islam or Marxism) require unanimity
of belief. One dissenter casts doubt on the creed of millions. Thus the fear
and the hate; thus the torture chamber, the iron stake, the gallows, the labor
camp, the psychiatric ward. -- Edward Abbey
Philadelphia Linux Users Group --
Announcements -
General Discussion --
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --