Log in

No account? Create an account
...:::.::. .::...:..
Moon Phase

September 2018
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29

Bruce [userpic]
Party On

Another day...

Last night's party was excellent, as usual. I decided to bring some alcohol, and the gyrations of getting to BevMo and then the Hamptons at rush hour made me about an hour late.

But it was OK. There were still a few of candiddani's balls left for me to eat. So far, both her balls and her weenies have been quite tasty.

I brought some Campari, so for the first time in quite a while, there was Bleh™ for me to drink. Good timing, too: This was the first time princesskiti22 had brought Zena, so she got to go through the baptism of Bleh. She had a fairly typical reaction...

All in all a fun evening. I somehow didn't manage the whole drunk thing too well, but I at least saw the edge of tipsy a few times. And I knew no-one was going to steal my drink.

The party dissolved earlier than usual, but I was one of the holdouts, leaving around 12:30am.

I came home and... slept. Then got up around 11:00am for a bit and... slept. At least, when I'm procrastinating this hard, I can't complain that I'm not sleeping enough.

One major positive that may come out of the party - if he's still interested. snafflekid is studying RF circuits, and was at least slightly intrigued by the NTP server idea. So - once I've taken care of the tax thing - I need to reinvestigate the viability of the product. Also, of course, Kendall's continuing interest. I now know a lot of what was done wrong with the first incarnation - and not bringing in people in the appropriate specialties was most of it.

Back on the timeline - this afternoon timenchanter convinced me to get up and dressed in order to have some food (at Chili's this time), and shop. And thence to the show.

It's been a pleasant, and unusual evening so far. wease420, Noe, cmjfoxfyre, Shawn, helios77, Phillip's boyfriend Eric, and a host of their friends are here. Quite the pleasant blast from the past.

Granted, it looks like income-wise, it's gonna be equivalent to a good Sunday, but hey, we're having fun.

And I'm paid a fixed amount on Thursdays...

Current Location: KoC
Mood: cheerfulcheerful

I'm just crushed to think that mine aren't the only balls to have been enjoyed at the Hamptons now.

Dear, I don't want to imagine how many people's balls have been enjoyed at the Hamptons.

Well, no - but that doesn't make as good of a joke.

Bruce, would you be interested in a B day party on either Saturday afternoon or Sunday afternoon?

I'm afraid it's actually a fairly busy weekend. I could potentially do something for a couple of hours on Sunday afternoon...

No worries. No one is showing up anyways.....really. I'm not kidding and I'm not feeling sorry for myself! really, its weird...again

Edited at 2008-04-05 03:59 am (UTC)

NTP server idea?
I hope you're reviewing the IETF ntpwg mailing list. Most of the discussion of late deals with whether you can meet the criteria for proving that your device knows what time it is in a court of law. It's not just a toy market anymore.

Then I'll just have to read that.

Interesting question, that, given that any device can be at least somewhat tampered with - or contain a bug.

I've always wondered how good is good enough for those cases. As in, for example, the whole "radar gun firmware" cases.

I would guess any timestamping device which could withstand legal scrutiny would need two way communication to a trusted time source. Even triple DES hashed timestamps would probably survive a lawsuit due to precedent. Bruce's idea probably does not meet this goal.

Nope, but then, as far as I know, there isn't a standard out there that allows one to do that. Last I checked, the security portions of the NTP standard sucked pretty badly.

When you come down to it, the security of any kind of radio receiver is limited by the security of the transmission medium, and radio is about as insecure as one can get.

Again, I'll have to read the discussion. There are various ways of demonstrating reliability, including, for example, a history of signed logs showing drift within reasonable limits.

Were you referring to the thread that begins here?

It's rather... inconclusive. Which isn't too surprising. Normally one can handle such things by (1) reasonably extensive documented testing of the software, and the device in general, under a wide range of scenarios, (2) documented development practices, and (3) reasonable efforts to thwart tampering.

Historically, at least, the courts have admitted evidence that has a good likelihood of being correct. There are, of course cases where each side declares vigorously that all the signatures are forgeries, and demand analysis of the ink on all documents. And one should be somewhat prepared for such.

I have to admit that I haven't looked at the NTP standard for a few years. Last I checked, the only authentication method available was a shared-key system so unwieldy that virtually no-one implemented it. The most security actually in use involved polling a known IP address, rather than polling - or listening to - multicast.

Obviously such a method is vulnerable to spoofing, but given the alternatives, well, that's what's available.

It will be important to get to know the players before according weight to the postings.
Sarbanes-Oxley has produced an industry for authenticated time which is flourishing a lot like the industry created by California AB 1825, and most of the current discussions on ntpwg are about interoperability of the existing authentication mechanisms (or lack thereof). The point being that there is a big industry already working on these sorts of devices.

Well, that's why I need to reinvestigate the business model.

When I looked at this, about 5 years ago, the only players in time servers were building expensive boxes. The idea was to go the other way, and produce an affordable server (target price of $500) that did a reasonable job of synchronizing small subnets.

The concept was that there is a large market out there of small isolated networks (Many doctor's offices, for example, deal with patient privacy concerns by not having an outside connection, and in a number of large companies, getting the IT department to allow NTP traffic can be problematical), where one could easily sell devices that ride under the $500 to $1000 petty cash horizon.

For most of those cases, having a synchronized network is a large benefit, and having one with the actual correct time is a major bonus.

So the idea, which flew rather well with all of the marketing people I talked to, is that while there are several players in the "large system" time server business (About 3 at that point, as I remember), there was essentially no-one in the small system arena.

There's the additional concept of (as they say) providing a solution rather than a product. Including decent documentation, a (relatively) plug-and-play box, and simple setup software, so that someone who's never even heard of NTP can set up their network.

Just as an example:

  • Every commercially available server I found was guaranteed accurate to a millisecond

  • The legal requirement for online traders is that they be within 3 seconds of NIST time.

  • My target accuracty was 10ms, but I'd only be concerned if I couldn't guarantee it to within a quarter-second.

Oh look, a refreshing glass of cherry Kool-Aid! THPPhHtHpppp! It's BLEH!!!


I warn people first!

And, every now and then, I run into someone with the sophisticated palate necessary to appreciate the stuff.