keverets @keverets@librem.one

Long discussion on the orange website about the NIST's Boulder NTP site being down. Not a lot of people with practical experience in the topic.

NTP is designed to function as a tree model, rooted in "stratum 0" NTP servers with direct time references. Actual clients are expected to interact with lower-stratum servers that themselves synchronize to higher-stratum servers. Generally any NTP server with a GPS time reference is considered suitable for stratum 0, and the vast, vast majority of real-world NTP/PTP deployments are ultimately working off of one or more GPS references. GPS operates from the Naval Observatory clock via a few different layers of indirection, each of which has its own high-precision oscillators to allow plenty of holdover. Purpose-built stratum 0 servers, used e.g. in data centers, have their own precision reference oscillators for holdover should the GPS lock be lost. Basically any real problem in this space would probably evolve pretty slowly.

The NIST NTP servers have always suffered from high load, to the extent that they've sometimes been unresponsive in the past. Synchronizing devices directly to these NTP servers is a bad practice, discouraged by the NIST and now mostly gone from default configs. That limits the impact of an outage a lot. The authenticated service is intended to help with the load-related reliability issues but presumably its users are sophisticated enough that their stratum-1 will be fine. Most clients are interacting with lower-stratum NTP servers operated by, for example, ntppool.org. These track multiple stratum-0 references and will be fine with the loss of one of the NIST sites.

There are probably still a bunch of stupid clients that try NIST Boulder NTP servers exclusively (I know some old network appliances shipped like this by default), and they might be a little driftier than usual for a while, but I wouldn't expect any of these to be important as they were pretty much already misconfigured.

Big picture, the NTP system is very big and very distributed and the NIST Boulder site has no real significance beyond name recognition---the same name recognition that made it a poor choice for most purposes.

Great #DSA report by @bitsoffreedom about how #Snapchat manipulates its users through notifications:

"From 109 notifications we categorized 39 as misleading." They contained "false information (e.g., “check out this post from someone you follow”—even though we weren't following anyone), resembled a personal message from other users, or were incorrectly labeled as being “time-sensitive”."

https://www.bitsoffreedom.nl/2025/12/05/how-snapchat-manipulates-its-users-through-notifications/

#DigitalRights #DarkPatterns #DigitalServicesAct #BigTech #InterfaceDesign

"Any workplace surveillance should have strict limitations on its use," EFF’s @legind told Business Insider. That might include not using the technology outside the workplace or beyond work hours. https://www.businessinsider.com/employee-surveillance-how-boss-monitors-your-work-2025-12

The United Nations opts for @CryptPad, an open source alternative to #GoogleForms.

https://news.itsfoss.com/un-ditches-google-form/

#OpenSource #CryptPad #UN #UnitedNations #foss

At Fairphone, we believe that true ownership isn't just about hardware, it's also about code 💚
We're proud to be one of the few brands offering the necessary resources for users to develop and run their own software. We publish kernel sources, device trees, and work hard to maintain buildable code for our devices. We also published this week our detox feature Moments of our Gen 6.
https://www.fairphone.com/en/2025/12/04/were-big-fans-of-open-source-buildable-code-at-fairphone-heres-why/?trk=feed-detail_main-feed-card_feed-article-content

Cory Doctorow @pluralistic on how to criticise AI.

I love his writing style and the way he provides clear, understandable explanations of everything he write about. (And I love his sense of humour)

https://pluralistic.net/2025/12/05/pop-that-bubble/

Seeing family for the holidays? Remember to help your loved ones install Privacy Badger to stop online trackers from following them around the web. https://privacybadger.org

Remember how every December your CD player did not confess that it had been spying on what you listened to all year

We are thankful for the help from Consumer Reports on our #OptOutOctober project. https://www.eff.org/deeplinks/2025/09/opt-out-october-daily-tips-protect-your-privacy-and-security

If you are concerned about this remember to address directly it with the person wearing the Meta glasses, rotating with your hips and core for power and aiming through their face rather than at it

RE: https://bsky.app/profile/did:plc:vk7rduhvom3rq6dyluce5wzf/post/3m3ug5d4gv22o

Security conference talks fall into two categories
* we designed a distributed entropy siphon to perform a black-box hypervisor side channel escape and chain-load a persistent rootkit into the CPU cache
* we looked behind the sofa and found an entire industry of products/services that have made no attempt at security at all and are therefore vulnerable to the most basic issues that we've been finding in everything for the past 30 years, and no-one else had bothered to look.

This is maybe the biggest FINALLY in my career as a purveyor of Oddly Specific Objects: The Open Book is in prelaunch at Crowd Supply! But it's not the same old Open Book; we're launching the all-new, completely reimagined Open Book Touch with WiFi and Bluetooth support, a higher-resolution display, capacitive touchscreen, and frontlight with adjustable color temperature. Subscribe for updates here! https://www.crowdsupply.com/oddly-specific-objects/open-book-touch

Absolutely obsessed with framing your employees sleeping on the floor as a humble brag

“Look how hard my team works” no dude you’re just bad at project management.

Competent companies ship products without cosplaying being homeless

Software people will laugh while scrolling this. They won’t admit it’s to keep them from crying: https://immich.app/cursed-knowledge

It's official! The San Francisco Board of Supervisors has unanimously declared October 22, 2025 as Internet Archive Day — celebrating our 1️⃣ trillion webpages preserved & our mission to provide universal access to all knowledge.

🔗 Learn more & celebrate with us tonight ➡️ https://blog.archive.org/2025/10/22/happy-internet-archive-day/

It's important to know what search results are out there about you, so you understand what people see when they look for you. #OptOutOctober https://www.eff.org/deeplinks/2025/09/opt-out-october-daily-tips-protect-your-privacy-and-security#tip11

@LadyNeuroFunk I use #XMPP as my primary medium of communication, be it chat or audio/video calls.

I ask non-geek contacts to install #Quicksy or #Prāv. For the more privacy conscious, I suggest regular XMPP clients and servers.

I also wrote a user’s guide to XMPP.

Down with proprietary and centralized platforms! ✊

Today the Support of Windows 10 is over

💡As an user, you should have the right to choose your operating system

🖥️ If you buy a computer with a pre-installed Windows license that you don’t want to use, you can request a refund💸.

“You should not have to pay for software you do not want. Manufacturers and vendors have no right to impose specific operating systems on users” Lucas, Refund4Freedom co-coordinator.

👉 https://fsfe.org/news/2021/news-20210302-01.en.html

How to request a refund 👉 https://en.refund4freedom.org/

"Instead of sending public money to distant corporations, funds stay local and support IT jobs for regional developers and entrepreneurs. The use of open-source #Linux distributions also extends the life of existing hardware and reduces e-waste, which proprietary models can exploit for unnecessary spending."

*Cantillon Lessons Guide Shift to Open-Source*

https://news.opensuse.org/2025/09/15/cantillon-lessons-guide-shift-to-open-source/

@opensuse supports #EndOf10!

#FreeSoftware #OpenSource #Windows #Windows10 #Microsoft #FOSS #FLOSS #GNU #GNUlinux