Publicly Available Services

These services are free of charge for everyone who wants to use them in the hope that they will be useful, but without warranty; even without the implied warranty of merchantability or fitness for a particular purpose.

Vikings provides various publicly available infrastructure services that are essential for the Internet to work properly but usually run unnoticed by the average user. All publicly available services at Vikings are run on owner-controllable hardware that uses libre boot firmware, libre operating systems and libre user-space software.


Network Time Protocol (NTP)

Using Vikings' NTP Servers

Since December 2008, Vikings has run three time servers using the NTP protocol. They are housed in different networks in Germany and have the following addresses:

  • ntp1.vikings.net
  • ntp2.vikings.net
  • ntp3.vikings.net

To use these time servers on GNU/Linux, ntpd must be configured accordingly. For example, the following three lines can be inserted into the /etc/ntp.conf file (or can replace the existing server lines there):

server  ntp1.vikings.net iburst
server  ntp2.vikings.net iburst
server  ntp3.vikings.net iburst

This document does not cover older versions of ntpd that may require additional parameters that have since become obsolete (up to version 4.x of ntpd). Always run a recent version of ntpd; usually the one provided by your up-to-date GNU/Linux distro will be recent enough.

Adding public servers (optional, recommended)

A few public servers can, and should, be added as well; not depending on a single NTP provider increases reliability:

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org

The 0, 1, 2 and 3.pool.ntp.org names point to a random set of servers that will change every hour. Make sure your computer's clock is set to something sensible (within a few minutes of the 'true' time) - you could use ntpdate pool.ntp.org, or you could just use the date command and set it to your wristwatch. Start ntpd, and after some time (this could take as long as half an hour!), ntpq -pn should output something like:

$ ntpq -pn
    remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+81.6.42.224     193.5.216.14     2 u   68 1024  377  158.995   51.220  50.287
*217.162.232.173 130.149.17.8     2 u  191 1024  176   79.245    3.589  27.454
-129.132.57.95   131.188.3.222    3 u  766 1024  377   22.302   -2.928   0.508 

The IP addresses will be different, because you've been assigned random time servers. The essential thing is that one of the lines starts with an asterisk (*): this means your computer gets its time from the Internet, and you'll never have to worry about it again!
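
The check described above can be automated. The following Python code is an added example, not part of the original wiki page: it parses ntpq -pn output, looks for the asterisk line, and decodes the reach column, which is an 8-bit shift register printed in octal (377 means the last eight polls were all answered). The names Peer, parse_peers and check are hypothetical, and the 100 ms offset limit is an assumed value.

```python
from typing import NamedTuple

# First-column tally codes printed by ntpq ("*" is the peer the clock follows).
TALLY = {"*": "system peer", "o": "PPS peer", "+": "candidate",
         "#": "backup", "-": "outlier", ".": "excess",
         "x": "falseticker", " ": "rejected"}

# The sample output from the page, reused here as input.
SAMPLE = """\
    remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+81.6.42.224     193.5.216.14     2 u   68 1024  377  158.995   51.220  50.287
*217.162.232.173 130.149.17.8     2 u  191 1024  176   79.245    3.589  27.454
-129.132.57.95   131.188.3.222    3 u  766 1024  377   22.302   -2.928   0.508
"""

class Peer(NamedTuple):
    tally: str
    remote: str
    stratum: int
    replies: int       # answered polls out of the last 8
    offset_ms: float

def parse_peers(text):
    peers = []
    for line in text.splitlines():
        cols = line[1:].split()
        # Skip the header, the ===== rule and anything that is not a peer row.
        if len(cols) != 10 or line[0] not in TALLY or not cols[2].isdigit():
            continue
        reach = int(cols[6], 8)   # 8-bit shift register, printed in octal
        peers.append(Peer(line[0], cols[0], int(cols[2]),
                          bin(reach).count("1"), float(cols[8])))
    return peers

def check(peers, max_offset_ms=100.0):   # threshold is an assumed value
    """Return a list of problems; an empty list means a healthy sync."""
    problems = []
    if not any(p.tally in ("*", "o") for p in peers):
        problems.append("no system peer: no line starts with '*'")
    for p in peers:
        if p.replies < 8:
            problems.append(f"{p.remote}: {8 - p.replies} of last 8 polls unanswered")
        if p.tally in ("*", "o", "+", "#") and abs(p.offset_ms) > max_offset_ms:
            problems.append(f"{p.remote}: offset {p.offset_ms} ms over limit")
    return problems

if __name__ == "__main__":
    for problem in check(parse_peers(SAMPLE)) or ["ok"]:
        print(problem)
```

On the sample above, the selected peer shows reach 176, so the check reports two unanswered polls for it even though the clock is synchronized.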

Looking up pool.ntp.org (or 0.pool.ntp.org, 1.pool.ntp.org, etc) will usually return IP addresses for servers in or close to your country. For most users this will give the best results.

You can also use the continental zones (for example europe, north-america, oceania or asia.pool.ntp.org), and a country zone (like ch.pool.ntp.org in Switzerland). For all these zones, you can again use the 0, 1 or 2 prefixes, like 0.ch.pool.ntp.org. Note, however, that the country zone might not exist for your country, or might contain only one or two time servers.

After making changes to the NTP settings, restart ntpd for the changes to take effect.

Why is NTP Important?

NTP is a protocol designed to synchronize the clocks of computers over a network to a common timebase (usually UTC).

Time is inherently important to the function of routers, networks and computers. It provides the only frame of reference between all devices on the network. Without synchronized time, accurately correlating information between devices becomes difficult, if not impossible.

Accurate time stamps are essential to everything from maintaining and troubleshooting equipment and forensic analysis of distributed attacks, to resolving disputes among parties contesting a commercially valuable time-sensitive transaction. In a programming environment, time stamps are usually used to determine what bits of code need to be rebuilt as part of a dependency checking process as they relate to other bits of code and the time stamps on them, and without good time stamps your entire development process can be brought to a complete standstill. Within law enforcement, they are essential for correlation of distributed communication events, forensic analysis, and potential evidentiary use in criminal proceedings. In essence, all debugging, security, audit, and authentication is founded on the basis of event correlation (knowing exactly what happened in what order, and on which side), and that depends on good time synchronization.

Finally, even if you are able to put the pieces together, unsynchronized times, especially between log files, may give an attacker with a good attorney enough wiggle room to escape prosecution.

Manual time synchronization with NTP

It might be necessary to synchronize the time manually after you have installed the NTP daemon for the first time. You can do this with either ntpd or ntpdate (may need to be additionally installed):

ntpd -q -g

The option "-g" will also synchronize if the time difference is more than 1000 seconds, "-q" will run ntpd only once.

ntpdate 0.pool.ntp.org

Saving the time to the system's hardware clock

Today, this is often already done for you by the operating system. If yours doesn't do it, or you prefer to do things manually, you can save the current time to your hardware clock so that the time is in a safe state for reboots.

hwclock --systohc

Additional Notes

Consider if the NTP Pool is appropriate for your use

If business, organization or human life depends on having correct time or can be harmed by it being wrong, you shouldn't "just get it off the internet". The NTP Pool is generally very high quality, but it is a service run by volunteers in their spare time. Please talk to your equipment and service vendors about getting a local and reliable service set up for you.

If you have a static IP address

.. and a reasonable Internet connection (bandwidth is not so important, but it should be stable and not too highly loaded), please consider donating your server to the server pool. It doesn't cost you more than a few hundred bytes per second traffic, but you help the NTP project to survive. Please read the joining page on their website for more information.

If your server is located at Vikings

..or if you know of another good timeserver near you, you should use that and not the NTP pool - you'll probably get better time and you'll use fewer network resources. If you know only one timeserver near you, you can of course use that and two from pool.ntp.org or so.

Timeserver assigned twice

On occasion it can happen that you are assigned the same timeserver twice. To solve this problem it's often sufficient to simply restart the ntp service. If you use a country zone, please note that it may be because there is only one server known in the project - better use a continental zone in that case.

Be friendly

Many servers are provided by volunteers, and almost all time servers are really file, mail or web servers which just happen to also run ntp (this is not the case at Vikings). So don't use more than four time servers in your configuration unless you have a specific reason to, and don't play tricks with burst or minpoll: all you will gain is extra load on the volunteer time servers.

XMPP

We have provided an XMPP server since 2004. Today, our XMPP server is based on ejabberd and is available at jabber.vikings.net. Among other features, it supports messaging, multi-user chat, file transfer and in-band user registration.

Fully Encrypted Data Transmission

There are no plans to support unencrypted transmission of data. This means that server-to-server connections are only possible with servers that support up-to-date and state-of-the-art protocols and cipher suites. If you have a friend who is registered on a server that doesn't support TLS or (still) uses outdated ciphers, you can't communicate with them via jabber.vikings.net. Every XMPP service provider should configure their server with TLS. Your friend should consider a) talking to the server provider in order to change that, or b) changing the XMPP server. Like email, XMPP (formerly called "Jabber") is a federated protocol and there are hundreds of XMPP servers available world-wide.

XMPP Compliance Tester

This server is listed at the XMPP Compliance Tester.

DNS

  • To do: complete me