LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Hardware
User Name
Password
Linux - Hardware This forum is for Hardware issues.
Having trouble installing a piece of hardware? Want to know if that peripheral is compatible with Linux?

Notices



Reply
 
Search this Thread
Old 02-16-2014, 12:35 PM   #1
Mig21
Member
 
Registered: Jan 2005
Posts: 193

Rep: Reputation: 33
Your own atomic clock?


Hi everyone

I've been struggling to find how I can make my server's time more accurate.

I could use NTP to sync with a public NTP server but it bothers me that it's so insecure. Same problem with radio clocks. A GPS clock is not an option cause the server is inside.

So I've been looking for an hour and I can't find any consumer device that's an accurate (atomic or close to atomic) computer clock. Does anyone know of one or do you need a nuclear research lab to get one of those?

And even if I can't have my own, can someone suggest a USB radio or GPS clock that's likely to work indoors (in Canada)?

Thanks
 
Old 02-16-2014, 01:05 PM   #2
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,706

Rep: Reputation: 417Reputation: 417Reputation: 417Reputation: 417Reputation: 417
NTP is not insecure, especially if you keep it up-to-date and configure it properly. This is your best option and will probably remain so.

How is a radio clock insecure ?

Atomic clocks are extremely expensive, and you should know that NTP time is an average of many atomic clocks, because they too are inaccurate.
 
Old 02-16-2014, 01:32 PM   #3
Mig21
Member
 
Registered: Jan 2005
Posts: 193

Original Poster
Rep: Reputation: 33
Do you have any more information about NTP security? All I could find is explanations of how public NTP is vulnerable to the simplest attacks like DNS poisoning, packet injection, and replay attacks.

Encryption was apparently never a strongly-defined part of the standard and is to this day not implemented really anywhere, probably mostly because of the cost of encrypting and/or signing.

A radio clock is insecure because it (the source) is a single point of failure and because overriding a radio signal in a small geographic range can be done very easily with cheap hardware.
 
Old 02-16-2014, 02:00 PM   #4
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,706

Rep: Reputation: 417Reputation: 417Reputation: 417Reputation: 417Reputation: 417
The main current concern with NTP is the DDOS, but if you update or configure it properly you'll be safe from this.
http://en.wikipedia.org/wiki/Network...urity_concerns
https://www.us-cert.gov/ncas/alerts/TA14-013A

Here's something to look into if you are still concerned:
http://linux.die.net/man/5/ntp_auth

I suppose radio clocks could be overridden by a strong local signal.
 
Old 02-16-2014, 05:09 PM   #5
Mig21
Member
 
Registered: Jan 2005
Posts: 193

Original Poster
Rep: Reputation: 33
Yeah it says right there "NTP servers are susceptible to man-in-the-middle attacks unless packets are cryptographically signed for authentication."

Am I looking in the wrong place? Cause I can't find any public NTP servers that offer encryption.
 
Old 02-16-2014, 06:27 PM   #6
John VV
Guru
 
Registered: Aug 2005
Posts: 13,854

Rep: Reputation: 1853Reputation: 1853Reputation: 1853Reputation: 1853Reputation: 1853Reputation: 1853Reputation: 1853Reputation: 1853Reputation: 1853Reputation: 1853Reputation: 1853
there is always the shortwave time signal - though it has been a few years since i had a shortwave radio
it is the std " beep" " beep " " beep"

http://www.nist.gov/pml/div688/grp40/wwv.cfm
http://www.dxinfocentre.com/time.htm

as to a caesium ion clock or a strontium one

have fun trying to get those isotopes
you used to be able to , but ...... not now

Last edited by John VV; 02-16-2014 at 06:31 PM.
 
Old 02-16-2014, 09:02 PM   #7
sgosnell
Member
 
Registered: Jan 2008
Location: Baja Oklahoma
Distribution: Debian
Posts: 439

Rep: Reputation: 88
GPS can work. Modern GPS receivers can receive signals inside, and you can always use either a bluetooth GPS receiver, or a USB receiver with an extended cable. Bluetooth is probably the best choice, and you can get a bluetooth GPS receiver rather cheaply. If it's so far inside that neither bluetooth nor USB is possible, you really need to rethink your problem, and go with ntp regardless of the security issues. You will not be able to acquire your own atomic clock, and even if you had one, you would have to synchronize it before you could use it. Don't even think about that possibility.
 
Old 02-17-2014, 02:39 AM   #8
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 6.5
Posts: 483

Rep: Reputation: 85
Also try ptp instead of ntp. It is more accurate, but what exactly you need that accuracy for, i don't know. Most people that are serious about time tend to go the gps + ntp way.
 
Old 02-17-2014, 04:21 PM   #9
jefro
Guru
 
Registered: Mar 2008
Posts: 12,342

Rep: Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565
Create a virtual machine that is used for ntp. Use it as your master time.
In a real sense, if your system is connected to the internet, it is not considered secure. I'd wonder who has been attacked by ntp.
It may be possible to secure it http://www.ntp.org/ntpfaq/NTP-s-algo-crypt.htm


The US provides North America with a number of time signals on various bands from lf to hf and even via different satellites. As to why you'd need such accuracy on a pc or server is odd to me. The quality of the time is way beyond what your computer could need.
 
Old 02-18-2014, 09:30 PM   #10
Mig21
Member
 
Registered: Jan 2005
Posts: 193

Original Poster
Rep: Reputation: 33
Thanks for the suggestions everyone!

My dislike of plain text NTP over the internet can be explained like this, ask yourself the question: would you be ok with me connecting to your computer remotely whenever I want and changing your clock to whatever I want? I know it's silly (why would someone care to do that) but it just seems plain wrong, you don't allow things like as a matter of principle.

Right now I'm relying on my Linux clock (I think the BIOS clock is only used during bootup, which happens very rarely) and I'd be perfectly happy with that except that it drifts quite a bit, maybe 30 minutes every month, which is a problem for sent/received emails, various server logs, version control, etc. So yeah..

Quote:
as to a caesium ion clock or a strontium one

have fun trying to get those isotopes
you used to be able to , but ...... not now
I don't really need one of those, even though it would be super cool, but I would like something better than what I have now. Why is that so hard? I mean even my cheap wristwatch is about 50 times more accurate than my server

Quote:
Modern GPS receivers can receive signals inside, and you can always use either a bluetooth GPS receiver, or a USB receiver with an extended cable.
That would be perfect for me, can you suggest what hardware to get and how to configure it as a time source?
 
Old 02-18-2014, 11:14 PM   #11
gotfw
Member
 
Registered: Jan 2007
Posts: 414

Rep: Reputation: 69
This being a Linux forum I'll take some heat for this but I prefer using OpenNTP from the folks who brought us OpenBSD. Yeah, it's technically not as accurate to the umpteenth decimal place but it's plenty good enough and, more importantly, the code has been audited by some of the best of the best.

So you set your (open)ntpd daemon up to sync with some public TierII servers (use us.pool.ntp.org). Then you configure your (open)ntpd daemon to _listen_ for ntp requests _only_ on safe ports, i.e. internal LAN interfaces, where you have at least some control over who/what can poll your time server.

http://www.openntpd.org/

If that doesn't float your boat, a quick search on Amazon turned up this:

http://www.amazon.com/TM1000A-GPS-Ne...ps+time+clocks

And if you want to get even more serious and have a switch that supports POE:

http://www.veracityglobal.com/produc...n/timenet.aspx

My $0.02. You get what you pay for...

Last edited by gotfw; 02-19-2014 at 12:00 AM.
 
Old 02-19-2014, 12:08 AM   #12
ericson007
Member
 
Registered: Sep 2004
Location: Japan
Distribution: CentOS 6.5
Posts: 483

Rep: Reputation: 85
Quote:
Originally Posted by Mig21 View Post

My dislike of plain text NTP over the internet can be explained like this, ask yourself the question: would you be ok with me connecting to your computer remotely whenever I want and changing your clock to whatever I want?
The issue regarding the ntp debate is not so much about changing your clock. It is about ntp requiring only a small amount of data to make a request for accurate time then it send back about twice the amount of data received. With all the ntp servers that automatically respond, it causes an issue where it can be used for ddos attacks. Who gives a rats arse about what time your computer shows? If someone will actually spend time to hack your machine, i can promise you they will not even bother with something arbitrary like that.
 
Old 02-19-2014, 11:56 AM   #13
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,706

Rep: Reputation: 417Reputation: 417Reputation: 417Reputation: 417Reputation: 417
Quote:
Originally Posted by gotfw View Post
If that doesn't float your boat, a quick search on Amazon turned up this:

http://www.amazon.com/TM1000A-GPS-Ne...ps+time+clocks

And if you want to get even more serious and have a switch that supports POE:

http://www.veracityglobal.com/produc...n/timenet.aspx

My $0.02. You get what you pay for...
Those are nice if you can fork out the $$$.
 
Old 02-19-2014, 12:32 PM   #14
Mig21
Member
 
Registered: Jan 2005
Posts: 193

Original Poster
Rep: Reputation: 33
Quote:
http://www.amazon.com/TM1000A-GPS-Ne...ps+time+clocks

And if you want to get even more serious and have a switch that supports POE:

http://www.veracityglobal.com/produc...n/timenet.aspx
Ah, those are perfect! Except for the price and I'd have to pay duties on them too since they'll be shipped internationally.

I guess I have my answer: there is nothing consumer-grade available to solve this problem, though 300$ to 1000$ is reasonable for a large enough business.

Maybe I can build my own.. buy 5 chips from different manufacturers that keep time (something like http://www.amazon.com/DS3231-AT24C32...dp/B00HCVNPVQ/ ), put them all on one board, do the NTP pool algorithm on that board, and use the result as a time source

Hell, just one of them is probably better than what I have now!
 
Old 02-19-2014, 03:43 PM   #15
jefro
Guru
 
Registered: Mar 2008
Posts: 12,342

Rep: Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565Reputation: 1565
I still can't figure out why you need such high precision on such a low precision computer?

I've known some devices that use the local power supply as clock signal. In some countries that frequency is very very poor.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Why can't I get a simple atomic clock synch iand Linux - Software 2 01-31-2010 03:27 AM
GPS or Atomic Clock for NTPD slacky Linux - Networking 3 12-15-2006 07:13 AM
atomic clock sync salviadud Slackware 8 03-01-2005 12:28 AM
Atomic Clock with Dial-up Connection bezaleel Linux - Newbie 1 04-03-2004 10:38 AM
Atomic Clock Sync cjwcash Linux - Software 1 08-06-2003 01:14 PM


All times are GMT -5. The time now is 10:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration