ISO Emeritus, NTPSec
Senior Systems Analyst, IU CACR
CSNET & NSFNET (NSF)
HTTP & HTML (CERN)
Graphical Browsing, Mosaic (NCSA, with Fed $)
W3C (DARPA, European Commission)
First Public TCP/IP Code (AT&T)
...and, I'm willing to bet, at least 90% of the people in this room.
No OSS gets broken to the point of crisis without a driving set of systemic social problems.
If these are not addressed, any improvement to the code will be short-term.
A clear, concrete, finite scope:
necessary, not optional
Expect and forgive drama.
Spend time with people.
The purpose of a rescue is long-term sustainability.
Fixing bugs is temporary.
Make bugs easier to fix.
Eliminate or prevent classes of bugs.
Rescue should result in a long tail of bug fixing.
Familiar with ancient C code
Experienced in Linux/UNIX systems programming
Capable of working on highly critical code
With some idea how time works
Who care about open source and security
Who can spend a lot of time on this.
A way to keep those programmers fed
Help with documentation and toolchain work
Means to demonstrate to the existing NTP community that we weren't abandoning them
An understanding of the existing install base that we didn't have
The means to maintain the code, documentation, and community post-rescue
Some way to convince people to actually deploy the thing
Two administrative staff.
2-4 semi-active community members.
Susan Sons, PM / ISO
Eric Raymond, lead dev
Gary Miller, developer
NaLette Brodnax, docs
Amar Takhar, tools dev
...and a handful of concerned community members.
NTPSec's core team has been through a lot, but we still meet up about once a year and hang out, because it was a wild ride with good people. I was given an emeritus title when I stepped down last spring, in the hope that I'd remain "part of the family".
How many currently active committers account for >50% of the code base?
Breakdown by Dave Nalley:
As of Fall 2016. Image credit: Dave Nalley
This deck is at: https://slides.com/hedgemage/cot2017
To Wikimedia Foundation for their awesome library of freely reusable media, which spared you from my toddler-like drawing ability.
To Indiana University's Center for Applied Cybersecurity Research, and specifically the NSF-funded Center for Trustworthy Scientific Cyberinfrastructure, who funded the NTP Rescue project. Also to the Internet Civil Engineering Institute, who aided with organization and developer resources.
To Cornerstones of Trust, for bringing me here to tell you this story.
To the NTP Security Project team, who made sure the rescue effort didn't go to waste. NTPSec is poised to replace NTP classic in the coming year in installations around the world.
To the countless individual humans along the way who did NOT say
"this is somebody else's problem".
"Social Engineering: Hacking Humans" by Susan Sons is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Please credit Susan Sons and the Internet Civil Engineering Institute (ICEI) when using this presentation.
Permissions beyond the scope of this license may be available; send inquiries to email@example.com.
The most current version of this presentation is available from