All of the angry comments from people who think NTP will stop working if the donation bar doesn’t get to $1000 are misinformed. Also note that the bar isn’t updating. It’s been stuck at $365 for myself and others despite donations coming in.
The goal has now mysteriously changed to a goal of $4000.
>$4,560 of $8,000 raised
Why bother? Many of the rabbit holes one could venture down in learning to set up a stable time server can also benefit application servers in terms of latency, responsiveness, learning how to get clients to share resources and so much more. Rather than trying to find cooperative stratum-1 servers, one can start by using each of the Google, Facebook and Apple public stratum-1 servers [2] to get started. They get beat up a lot but most of them are stable most of the time.
Ask your favorite LLM how to set up a public NTP server using NTPD or Chrony. For extra credit play with each of them.
[1] - https://www.ntppool.org/en/join.html
[2] - # grep -E "facebo|goog|appl" /etc/hosts
17.253.16.253 time.apple.com
129.134.28.123 time1.facebook.com
129.134.29.123 time2.facebook.com
129.134.25.123 time3.facebook.com
129.134.26.123 time4.facebook.com
129.134.27.123 time5.facebook.com
216.239.35.0 time1.google.com
216.239.35.4 time2.google.com
216.239.35.8 time3.google.com
216.239.35.12 time4.google.comReally drives home one of my favourite half-jokes: every sensor is a temperature sensor; some of them measure other things too.
Notably NTPd doesn't support leap-smear, which means those who absolutely must have monotonic time can't use it at all.
It should be noted that there currently exists no standard, technical or statutory, for how to do leap smearing. If an event happens and you need to tie your timestamped event logs to the 'greater reality' in some legally binding way there's (AIUI) no way to do that.
A few years ago there was a draft on the idea:
* https://datatracker.ietf.org/doc/draft-stenn-ntp-leap-smear-...
And the currently-draft NTPv5 has something about:
* https://datatracker.ietf.org/doc/draft-ietf-ntp-ntpv5/
Though the flag simply says that the timescale is smeared and not (AFAICT) how it is being done.
See also perhaps RFC 8633 § 2.7.1:
[…]
Operators who have legal obligations or other strong requirements to
be synchronized with UTC or civil time SHOULD NOT use leap smearing
because the distributed time cannot be guaranteed to be traceable to
UTC during the smear interval.
[…]
Any use of leap-smearing servers should be limited to within a
single, well-controlled environment. Leap smearing MUST NOT be used
for public-facing NTP servers, as they will disagree with non-
smearing servers (as well as UTC) during the leap smear interval, and
there is no standardized way for a client to detect that a server is
using leap smearing. However, be aware that some public-facing
servers may be configured this way in spite of this guidance.
... shouldn’t be using a Unix timestamp, or anything else that’s not a count of SI seconds elapsed since a fixed reference point, to begin with.
But yeah, critical infrastructure usually goes criminally underfunded.
I too would be interested in knowing what the Network Time Foundation is researching, and I think conversation about that is appropriate here. NTP certainly _seems_ like it’s been ‘good enough’ for decades to an uninformed observer, and discussing if and why it’s not would be interesting (and perhaps motivate donations!)
Really? The sentence at the top of the Donate page seems pretty clear to me:
> Your donation helps Network Time Foundation maintain the NTP website and provide resources and support to NTP developers.
Is it unclear to you?
There was a fork to clean up and secure the implementation: https://ntpsec.org and ideally they would combine forces.
Summarized here: https://lwn.net/Articles/713901
Even if it's not, ESR is involved so it's not serious.
> 1 error prohibited this submission from being saved:
> Looks like you are not a human
Good to know.
(Edited to add: that was from Safari. Chrome worked. YMMV.)
Too bad that good projects mess their donations up by doing web BS.
Though they could fake it: take the current cleared total and add your amount for your display.
I’d like to see more projects do a breakdown of total yearly costs (including contributor compensation!), how much existing sponsorships from companies actually cover, and what number they’d need to operate properly (with full-time, paid contributors).
Of course the same thing happens in reverse (see recent python.org refusal to accept federal funding)
> Is it really necessary for a DEI policy being required to appear…?
So ignoring the, well, ignorance of the remainder of your statement, it’s worth pointing out that these entities already publish mission statements, community/contributor guidelines, and a raft of other documentation that governs how they intend to operate as a way of greasing the wheels of operations. Policies are the norm, not the exception, because they dictate the rules of engagement.
So yeah, I’m all for groups making clear what they do and do not find acceptable. Transparency is a good thing, be it in code (open source), accounting, policy, or governance. And if more groups opened up their books and laid bare their operations, it’d be easier to tie their outcomes to industrial and governmental bad actors (like AWS, Google, Microsoft, Apple, etc) that fail to substantially support these technologies, or demand favors or policy changes in exchange for basic funding.
Ideally? Orgs that use open source tech in their products ought to chip in a fixed percentage to ongoing support of that project. If an entity like AWS chipped in, say, 0.01% of revenue from every service that used NTP, then the NTP organization almost certainly wouldn’t require additional funding.
I donated an amount but the bar didn't move and is at the same level($395) as before my donation
Let it fail and see what happens.
> Trillion dollar companies depend leech on it
Are you confusing the NTP Foundation (the group asking for donations) with NTP the protocol or the NTP software itself?
This donation request isn’t even for the public NTP pool. Read the donation page carefully.
The big companies you’re angry at are neither dependent upon nor leeching from this group. They run their own NTP infrastructure, which in some cases has their own developments and adjustments.
Google’s, for example, uses time-smearing to handle leaps. This is different than the standard and therefore you shouldn’t mix Google’s leap-smearing NTP system with NTP servers that don’t leap smear.
> Let it fail and see what happens.
This is a real “cut off your nose to spite your face” moment, but worse: Those public companies don’t depend on any of this. They provide their own server pools and in some cases develop their own software with their own advancements. Cheering for the NTP Foundation to fail because you think it will hurt big companies is very uninformed.
Maybe letting Ntp fail will wake up some of the employees of other companies to the absolute sad state of the software world.
I’m too poor to have too much revenue that I need to donate some away to pay fewer taxes. That’s a problem corporations have.
It will get replaced by a proprietary protocol/paid service from each Azure, Cloudflare, Google, AWS, ...
The rest of us will be S.O.L.
They also don’t use the reference implementation (which is maintained by the group this donation is for). Your distros and software probably doesn’t use it either.
The commenter above who thinks shutting down the NTP Foundation will hurt FAANG because they “leech” off of NTP Foundation is completely uninformed.
Even if the NTP pool somehow died, all it takes to make your own Stratum 1 NTP service is a GPS chip. An old phone probably makes a great small-scale NTP server, or an ESP32 with a GPS chip attached. 20 years ago it would have required exotic parts, but they're mundane, cheap and omnipresent these days.
Another approach could be to move this under the umbrella of any of the other OSS foundations. I can imagine the Linux Foundation would be a good place. Well funded, already has most of the stakeholders involved, and this clearly falls in their scope of interest at least. It would not surprise me if that wasn't discussed at some point.
This smells a bit like something that might be more complicated than it looks.
Donate some time: Ask your boss if their company could chip?
Something like money to the endowment from the big corp, then would be recipients petition the endowment for ongoing funding, some board decides based on a set of open protocols...
Because honestly I've seen this a bit recently - major infrastructure projects looking for effectively pocket change; a couple thousand.
They shouldn't ever have to beg for money, this is stupid.
For example, OpenSSH. Used everywhere yet IBM gives a big fat 0 to that project even though OpenSSH is even used in AIX. Even though I love to complain about Microsoft, M/S does donate a decent amount to OpenSSH via OpenBSD, so M/S gets my respect for doing that.
Time companies like IBM steps up and give, if not, we are back to playing with CMOS date/time. Which is how things were when I started programing at a large company decades ago.
https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-ti...
AWS already provides their own time service and it’s both public and free https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-ti...
and still, I'd never put it past them to figure out something that I haven't.
I reflexively donate a little to things like this and I think everyone else should to.
I submitted a request for commercial use via their online form but never received a response.
Firstly, the most important reason the ntp.org domain name is so well known is because of the NTP pool, which is an entirely separate project (the Network Time Foundation calls it an associated project), which was allowed to use the `pool.ntp.org` domain name, but does not directly receive significant funding from the Network Time Foundation as far as I understand (I do not know the details of the domain name arrangement). That pool project was developed independently of the Network Time Foundation and is run by a different group of volunteers, mostly being developed and maintained by Ask Bjørn Hansen and hosting servers entirely consisting of (sometimes professional) volunteer operators. This is what many NTP implementations, specifically many Linux distributions, use as their standard source of time. But it does not appear to depend much on the Network Time Foundation for continued existence.
Secondly, despite all the claims made on the Network Time Foundation site, the IETF took over development and maintenance of the NTP protocol for something like two decades now already under the NTP working group. This was all done with the Network Time Foundation fully agreeing this was the way forward. But for some reason they still consider themselves exempted from any process that the IETF uses and consider themselves as the true developers of the protocol. They constantly frustrate the processes that the IETF uses, claiming that they should receive special treatment as being the 'reference implementation'. Meanwhile, the IETF NTP WG does not have a concept of the reference implementation at all, instead considering all NTP implementations equal.
Aside from this frustrating stance, the Network Time Foundation also didn't do much work on trying to forward the standard at all, instead relying on the status quo from the late 90s and early 2000s. Meanwhile the IETF NTP WG worked on standardizing a way to secure NTP traffic (with regular NTP traffic being relatively easy to man in the middle, with older implementations even being so predictable that faking responses didn't even need reading the requests). That much more secure standard, NTS, was fully standardized in September of 2020, but the Network Time Foundation continues to not implement this standard. All of this has resulted in almost every Linux distribution that I know of replacing their ntpd implementation with NTPsec (with ntpd not even being available as an alternative anymore for installation).
Meanwhile people also started working on NTPv5, in order to remove some of the unsafe and badly defined parts of the standard, and in general bring the spec back up to date. As part of this process, it was decided some time ago that in contrast to the previous NTP standards, the algorithms specifying what a client should do in order to synchronize the time should be removed from the standard (the algorithms specified in the previous standards were not being used by any implementation, not even the ntpd implementation by the Network Time Foundation itself). NTPv5 instead focuses on the wire format of NTP packets and the simple interactions between parties. Yet despite there having been a consensus call on this, and despite no current implementation following the exact algorithm as specified in NTPv4, the Network Time Foundation continues to frustrate the process by claiming that these algorithms are an essential part of the standard.
All of this frustration was also a large part of why the PTP protocol was eventually developed at the IEEE. That is to say: even though the operating mode of PTP is often quite different to that of NTP these days, the information that needs to be transferred is essentially the same, and the packets could have trivially been defined to be the same as long as NTP had built in a little bit of additional flexibility a little bit earlier. This would have also helped NTP in the end (with for example hardware timestamping only being implemented for PTP right now, even though it could have been just as useful in NTP), and with PTP now also aiming to introduce a simpler client-server model via CSPTP that looks a whole lot like what NTP was trying to achieve all this time with its most used operating mode.
It is my belief that the Network Time Foundation continues to push themselves in a corner of more and more irrelevance even though that did not need to be. The historical significance of David Mills' ntpd implementation is definitely there, and we should applaud the initial efforts and their focus on keeping the protocol open and widely available. And I do believe that the current people at the Network Time Foundation could still provide more than enough valuable input in the standardization process, but they cannot claim anymore to be the sole developers of the NTP protocol. Times have changed, there are now multiple implementations with an equally valid claim. Especially with GNSS (specifically GPS) being under attack more and more these days, we need alternative ways of synchronizing computer clocks to a standard time in a secure way. NTP and NTS are perfectly positioned to take on that task and we need to make sure that we keep the standard up to date for our evolving world.
Edit: if you want something else to donate to, I would consider donating to the IETF, NTPsec, or maybe donating some time to the NTP pool. I would also link to donations for Chrony (one of the other major NTP server implementations) but they do not appear to offer anything. Linking to my own project's donation page does not seem fair considering the contents of this post.
Are these goals monthly goals, with the counter being reset? The sites don’t make that clear.
NTP might not be able to generate AI cat videos full of hallucinations but it is a vital part of web infrastructure. The same can't be said about today's mega projects.
They support billions of devices and are only asking for $4,000 in donations per year.
And yes, they're separate from the NTP Pool Project, which runs the actual servers, but the Network Time Foundation supports the software that billions of devices run on.
[1] https://floss.fund/projects/2025/
[2] https://floss.fund/blog/second-tranche-2025-anniversary/#wha...
[0]: https://web.archive.org/web/20251112110436/https://www.ntp.o...
It's so easy to run your own NTP server. You can set up a pretty decent one using GPS PPS for like $200. My home ntp server is good for +/- 1us if you believe its ntpq stats...
This isn't like DNS. Everyone can run their own local NTP and that's fine. The only true shared infrastructure is the GPS constellation.
What I Mean:
Reference .gov atomic clock (not radium one) -> NTP -> ? -> ? -> satellite control station -> gps -> PTP
Hahaha
Is there any reason to believe that PTP would be better in normal networks?
