Skip to content

Latest commit

 

History

History
71 lines (52 loc) · 2.85 KB

plans.adoc

File metadata and controls

71 lines (52 loc) · 2.85 KB

What we plan to do

Hammer the bug list flat

The NTP Classic codebase had accumulated serious vulnerabilities. We’ve worked overtime to identify and plug the critical holes; more needs to be done on the lesser ones. Our goal is to reach the exceptionally low defect-per-thousand-hour rates of GPSD and RTEMS; we have the people and the skills to do it.

Throw away more code

Antoine de Saint-Exupéry famously said "Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away." This is our project motto. The more code we can throw away, the fewer potential vulnerabilities and complexity issues we will have. There are many opportunities here; see our removal plans, and holler if we’re removing something you need.

Move code that doesn’t need to be in C out of C

We’ve already made major gains in maintainability and code re-use by moving all our production scripting to Python. One of our goals is to move all code that isn’t realtime-critical out of C to improve maintainability and decrease vulnerability to overrun bugs and other classic C snafus.

Broaden community participation

The NTP Classic project slid into decline, developing serious vulnerabilities it was unable to effectively address, because it made choices that closed it off from the wider open-source community. NTPSec was forked in large part to reverse those choices. We want more community participation, more open-source code review, and we even welcome drive-by patches to address point problems.

Build a hardware test lab

Precision clock sources are tricky things, and testing in a simulation environment has limits. We aim to build a lab where we can remote-control refclocks and a network of ntpd instances for live testing. This will take money: see Getting Involved for how you can help.

Get it all IPv6-ready

Network Time Protocol is unhealthily entangled with IPv4. As address exhaustion forces the world towards IPv6, this needs to be fixed.

Long-term: Out of C entirely?

Languages which may seriously challenge C as the lingua franca of systems work are beginning to appear. Their most important advantage is they they enforce code-correctness properties that eliminate large classes of the low-level bugs C is prone to. The codebase we inherited was so large and grotty that moving to any of these would have been impractical, but the codebase we have now is a different story. It may be worth trying…​

Recruit and educate a new generation

NTP Classic came altogether too close to becoming a black hole of unmaintainability because only one human being fully understood the Byzantine clock-synchronization algorithms at its core. For sustainability, that knowledge needs to become more widely spread.

clocktower64