> > I think I've been quite clear, similar to negative coding. > > You haven't, similar to people spreading FUD. > > Feel free to share your deep knowledge and thorough understanding of NTP > with us ignorants by contributing to this neat little project you might > have heard of, Wikipedia: > > http://en.wikipedia.org/wiki/Network_Time_Protocol#Security_concerns > Funny how people read what they will. I guess you haven't looked up negative coding. What I mean by similar to is if it doesn't benefit you, you will have less bugs and a more stable and secure system by reducing code usage. Therefore I wouldn't even need to know about ntp details, or the work of some very clever people who have looked at the details to make the right choice for me. Some security books say code redcution is pointless, I guess rop attacks have put a pin in that but aside from rop it has served me very well. Disabling ipv6 for example. One of about the two remote root exploits (so far) for OpenBSD was in ipv6 ages ago and more recently this. http://www.hackingipv6networks.com/past-trainings/hip2011-hacking-ipv6-networks.pdf I guess I regurgitate too many thoughts at once without enough explanation. I Wish I hadn't mentioned the alternative that would certainly not negatively affect most users now. Who knows maybe the bug fix will break something too. Though I'm sure they will test very well considering. > > OpenBSD has a security measure called securelevel which if raised from > > one to two prevents even root setting the clock backwards or near > > overflow as this can have consequences for the entropy pool. They also > > put in place measures to reduce client time leakage. The obvious point > > I ignored is network exploits as clock adjustment is a root process, > > which is why OpenBSDs implements priviledge seperation and chroot. > > So what? You want to switch to OpenBSD? Please do. I use OpenBSD more than arch actually, almost entirely for servers. -- ________________________________________________________ Why not do something good every day and install BOINC. ________________________________________________________