Ubuntu QA:
BlogBrainstormPackage status
Log in
Ubuntu QA
The Ubuntu community has contributed 22823 ideas, 138726 comments, 2639112 votes
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas

Popular ideas Here are the latest ideas about Ubuntu that have been approved.

Secure Network TIme Synchronization  
Written by slashdotaccount the 16 Aug 12 at 00:38. Global category: Security. New
Currently Ubuntu gets sets it's system clock over unauthenticated NTP. Thus, any man in the middle can modify answers from NTP servers and the client's or server's operating system has no way to recognize that, only hope the user will recognize and act accordingly.

Correct time is absolutely crucial for many security related things. Some systems do not have a hardware clock or hardware clock is defunct (battery low). If an adversary managers to set the time several years back, he can let the user accept already revoked, broken, expired certificates. Replay old, broken, outdated, known vulnerable updates etc.
37
votes
up equal down
Solution #1: use authenticated NTP
Written by slashdotaccount the 16 Aug 12 at 00:38.
NTP supports authentication. Use it. At least optionally. Add an GUI option to enable/disable it.

Ubuntu could host a few authenticated NTP servers, announce this and ask other NTP server admins to add authentication.

See the 5 comments or propose a solution >>

Time and Date is hard to tell if it is synced to a ntp server.  
Written by readmanr the 29 Nov 09 at 14:06. Global category: System. New
In System > Administration > Time and Date Settings, if you have chosen to "Keep synchronised with Internet servers" and have a server selected, there is absolutely nothing to let you know it has syncronised with the server successfully or not. Thus you do not know whether the time is incorrect or correct.
143
votes
up equal down
Solution #1: Time and Date settings should have 'update now' button.
Written by readmanr the 29 Nov 09 at 14:06.
Time and Date settings should have 'update now' button along with status of the date and time it last successfully synchronised with the selected server(s).
If the selected server(s) fail, then let the user know it failed, if it was a success then let the user know it successfully synchronised with the server and that the date and time are now correct.
10
votes
up equal down
Solution #2: Integrate with Notify OSD + Provide right click update
Written by sanketmedhi the 19 Dec 09 at 07:05.
Integrate time and date updates with the NTP servers in the Notify OSD model to show when updates are successful or fail.

Also, add an 'Update Now' option on the right click menu of the clock on the top panel.

See the 2 comments or propose a solution >>

Time server (ntp) configuration not clever enough  
Written by gazilla the 10 Jun 09 at 23:45. Global category: Server. New
If you install the NTP daemon (time server) the config file points to ntp.ubuntu.com (an obvious Ubuntu mod).

While we are glad that Canonical maintains a time server for this purpose, it is not the cleverest approach. The problems include undue load on the Canonical server (when total world domination is achieved) and the introduction of a single point of failure. Also, the round trip time from client to server will affect the timekeeping. Shorter network paths, which usually come from geographically closer servers, are always preferred. Furthermore, for better results, more than one time server should be listed.
84
votes
up equal down
Solution #1: Use the NTP Pool Project servers (www.pool.ntp.org)
Written by gazilla the 10 Jun 09 at 23:45.
The Ubuntu install requests the user's time zone. This is used to set /etc/timezone. Using this value, point the NTP daemon to local time servers in pool.ntp.org. For example, my time zone is 'Australia/Brisbane' :-D. The dpkg install script for ntp should read this and set the servers section of /etc/ntp.conf to...

server 0.au.pool.ntp.org
server 1.au.pool.ntp.org
server 2.au.pool.ntp.org

If the install script cannot guess the country code it may be valid to add these lines (otherwise just keep using ntp.ubuntu.com)...

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org

In recognition of their use of the pool servers, Canonical could perhaps fund a server in each zone (or a few in Africa). In the meantime, I recommend this approach be implemented manually for all the reasons outlined in the rationale (just remember to use you own country code, NOT 'au' :-).

See the 4 comments or propose a solution >>

Optional nptdate before activating ntpd  
Written by PoolSnoopy the 1 Dec 08 at 03:28. Global category: Usability. New
When a user turns on time synchronisation it would be great to get asked for a "hard" sync with ntpdate before running ntpd. Imagine your clock being way off the correct time. I suppose that a normal user would be surprised finding that syncing the clock via internet does not set the correct time immediately.
31
votes
up equal down
Solution #1: Auto-generated solution of idea #16099
Written by PoolSnoopy the 1 Dec 08 at 03:28.
Ubuntu Brainstorm was updated in January 2009. Since the idea #16099 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!

Add a comment or propose a solution >>