this post was submitted on 16 Aug 2023
64 points (100.0% liked)

Sysadmin

7640 readers
1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 1 year ago
MODERATORS
DarraignTheSane@lemmy.world
00Lemming@lemmy.world
L3s@lemmy.world
64
Windows feature that resets system clocks based on random data is wreaking havoc (arstechnica.com)
submitted 1 year ago by exu@feditown.com to c/sysadmin@lemmy.world
11 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] flambonkscious@sh.itjust.works 2 points 1 year ago (1 children)

So does that mean one needs to run NTP as well as the domain-based time sync, for when the donation based one fails?

Seems weird. I wonder why they're so cagey about it

[โ€“] mo_ztt@lemmy.world 2 points 1 year ago

Their official advice is to disable STS when using NTP.

As for the explanation, I think it was just an example of bad decisions compounding on themselves.

  • Oh no, it's difficult to sync time because the secure communication layer doesn't work when our time is already out of sync. That's okay, we'll use a totally other dubious mechanism instead of fixing that.
  • Oh no, the dubious mechanism is giving us bad results sometimes. That's okay, we'll introduce weird heuristics to attempt the impossible problem of determining whether the dubious mechanism's output is trustworthy.
  • Oh no, the heuristic fails sometimes. That's okay, "We agree that the overall direction of technology with the adaption of TLS v1.3 and other developments in this area could make Secure Time Seeding decreasingly effective over time, but we are not aware of any bugs arising from their use. This technology direction also makes heuristic calculation of time using SSL/TLS far less attractive when compared to deterministic, secure time synchronization."