Does your D-link product need to be on ??

  • Thread starter Thread starter Dave (from the UK)
  • Start date Start date
Most seem to work for me, but I use a Sun workstation, not a D-link
router, so I can't say I have tried with this. I suspect the muppet
routers don't implement the protocol as well as the Sun.

I am not using a D-Link router. The list has nothing to do with routers
per se - it's principal purpose for me is setting accurate time for our DC
which, of course propagates to all other computers on the domain. The
experience of finding a reasonably close, working, reliable NTP server was
extremely frustrating... to the point of having to examine the Win 2K
server logs for the evidence - I didn't need that diversion. I eventually
found a recommended doc somewhere which said it's "OK" to use
time.nist.gov, as long as it's not excessive, so I used it.
I'm not aware it can be done on mine at all. Luckily, none accessed have
any restrictions.

That would be surprising.
The ServiceArea is the geographic and/or network area the TimeServer is
intended to serve.

Yes, I can gather that much... OBVIOUSLY. This does not preclude that a
mfr whose HQ is in a given area cannot arrange to use a server in that area
for all its U.S. sales. For the "network areas" it's not a lot of use to
specify a bunch of inner-circle coded names without explaining to the
end-user what they mean. It's almost like those people *want* to
obfuscate... invent some cryptic language for themselves and then have the
nerve to complain when some naif violates their *unexplained* encoded
rules.
I personally did not use the word vandalism. But I think abuse is correct.

Depends what you mean - their after the fact attitude on correcting the
situation and financial/technical compensation is abusive (U.S. lawyers...
which I gather the UK lawyers are "learning" from). The incident itself is
just an honest -- but likely incompetent -- mistake... with catastrophic
results.

OTOH, the guy is supplying a service to the majority(?) of the Danish ISP
industry... who are profiting from the Internet in general... some of whose
clients are no doubt using D-Link gateway-routers. The silence about their
reaction, other than apparently wanting to apply excessive charges to their
NTP "supplier", is incongruous to say the least... clean hands??
Well, you don't have to use a local server and should not use a local
one if it restricts access.

The trouble is "restricted" has degrees of enforcement in general - the
guidelines are malformed and badly expressed... and the anecdotal reports
are ambiguous.
I accept there is a *big* difference between intentionally hacking a
machine (me hacking yours) and you or anyone else using an NTP server
without realizing it. One is an accident, the other a deliberate act.

But once you are aware you are not welcome at an NTP server, then I
think the difference disappears.

I will ask you the same question I asked the person posting as:

Borked Pseudo Mail - '(e-mail address removed)'

If you were asked by an NTP server administrator (such as the owner of
the Danish one) to stop accessing that server, and you were unable to do
so by a firmware upgrade or reconfiguring the router, would you continue
to access his server, even though he had asked you not to? If you had
no other option, would you switch your router/modem off and not use it?

That depends: e.g. my router only does a look-up on restarts, cold or warm,
and AFAIK does not poll excessively to get synced, so I don't feel that's
an enormous abuse; the Netgear and D-Link cases should have probably been
the subject of a recall. I still don't understand why they continue to
poll every hour or so once synced but, given that the D-Links have a
configurable NTP address the ISP industry, at least those who supply D-Link
gateway-routers bears some blame for the situation.
Furthermore, what if the person asking you was from the US government or
the US Navy, both of whom timeservers are being abused? Would you
continue to use their time servers if you had no way of stopping your
D-link product from doing it without switching it off?

I'm not using their servers and I'm not that interested in discussing
hypotheticals as they apply to me.
BTW, your ISP, Tellurian, might have something to say about it, as it
would be against their rules:

http://www.tellurian.com/usagepolicy.asp

In particular:

* Any "denial of service" attack, any attempt to breach
* authentication or security measures, or any unauthorized attempt
* to gain access to any other account, host or network is
* prohibited, and will result in immediate service termination,
* which may be without notice.

I think you using the NTP server then would be an unauthorized attempt
to gain access to another host.

What NTP server are you talking about? Now you're getting impudent without
assimilating already presented facts. I think you know what the above
means and is targeted at - applying it to a published list of servers which
are poorly documented might result in some "advice" on how to do things
right *BUT* he'd have trouble taking things further since ntp.tellurian.com
*does* exist but does not work. This same ISP supplied the gateway-router
which is hitting clock.isc.org. said:
So that makes it right?

I suggest if they are in the US, it would be rather foolish to continue
to do it should a US government or navy official ask you to stop.
RIGHT!


No, the rules were in place before. I am not suggesting any rules at all.

If vendors chose to implement products which use NTP servers it is up to
them to work out how to do it without accessing other servers their
intended end users are not supposed to. It is not up to me, or anyone
else to tell them how to do it. I am just saying there are ways, but it
is their decision. The rules have been in place a long while.

No, the rules have been in flux for a while.
I suspect, but don't know, that for a gateway router where the time can
only be set to 1 second resolution, it makes no difference if you use a
near or distant NTP server. The protocol corrects for network delays.
Correction improves when multiple time servers are used but I doubt it
is necessary unless the resolution is better than 1 second.

Depends on how the algorithm is implemented. Windows 2K/XP gives up if it
can't get a consistent delay. It seems self-evident to me that use of a
geographically close server is a better choice from several POVs.
 
David said:
A bit Draconian to hold the user 'responsible' for something they're not
only clueless about but unable to change even if they knew, don't you
think?

Peronsally I think the manufacturer (D-link) should take responsibility.
The question is 'who'?, knowledge, and intent.


And just how is the individual user made 'aware'? And that includes made
'aware' by an authority recognized to have the claimed authority.

At the minute users have not been made aware except via news reports and
posts on newsgroups, but in principle they could be notified.

According to The Register

http://www.theregister.co.uk/2006/04/13/d-link_time_row_escelates/

D-link have said they are aware of it and there may be a statement after
Easter.
Things are seldom that simple and especially not when trying to lay
blame and responsibility on people who had not one shred of
participation in, nor knowledge of, the decisions leading to the alleged
'abuse'.

I'm not blaming end users - I think the manufacturer is to blame. But
end-users are actually using the time servers now. The legal
implications of this in England are far from clear - I have no idea in
another country.
First, your premise is self serving, pardon the pun. Accessing his
server?

In the case of the Danish time-server, it is personally owned by an
individual with an interest in accurate time measurement.

http://people.freebsd.org/~phk/
You must be kidding. According to your comments above there's
essentially no way for the user to even know a server is being accessed
at all and now someone completely unknown claims a 'perfectly fine',
according to the manufacturer of said item, is 'abusing' his server? Why
should the end user believe this story?

Well, despite claims on sites like the BBC that there is a problem,
there is a distinct lack of denials from D-link, so you might reasonably
assume there is some truth in this.

A technically savvy end-user could determine it for him/her self. They
may be able to inspect the firmware downloaded from the D-link site (as
I did) following the suggestion of the Danish time server owner

Or they could look at their firewall logs which should show the
connections.
Now the end user *knows* he's kidding, or has no idea what the heck he's
talking about, or is some new kind of internet fraud.

Well it has hit the BBC in England, which has a reasonable amount of
respect worldwide - although I am the first to admit this article is not
very well written.

http://news.bbc.co.uk/1/hi/technology/4906138.stm

The technical reasons are not that hard to follow.
The end user has no reason to worry about such a scenario because the
gov knows who to go after: the manufacturer.

I agree the manufacturer should be responsible, but it is not clear (at
least in England) who is legally responsible.

D-link have offered some money to the owner of the Danish time-server,
but he feels it is insufficient.

http://people.freebsd.org/~phk/dlink/

Having had dealing with him before and know how much he has contributed
to the FreeBSD project, I know that the extortion D-link claim would not
be valid.

But the manufacturer really can't do much about units in the field
unless the end-user updates firmware.

To me, the only sensible solution now, given many users will not update
firmware, is for D-link to pay the time-server owners for the increased
bandwidth. Then end users don't have to even update the firmware, as
access to the time servers will be allowed.
The user is doing *nothing* nor making any 'attempt' to do something nor
even aware anything is being done.

I agree they may not be aware (but some will be, as a results of posts
like this).
Maybe I missed it but I'm not aware of any 'US government' announcement
to stop using home routers.

There is not. That is why I used the word "should" in there.

It is not inconceivable that such a request will follow from one of the
many US government time servers being abused. Not even the owner of the
Danish time-server has requested it.

However, more likely the military will move the names and IP address of
their time-servers, alter all the machines that connect to the time
servers, then send D-link the bill. That could be huge.

If I had shares in D-link at the minute I would sell them!!

And if you got an unsolicited phone call from someone you never heard of
saying your perfectly fine coffee maker was screwing up their toaster
oven on the other side of the world you'd immediately unplug the thing
and stop using it, right?

No, but here it is a bit different.

1) The story has hit numerous newsgroups, websites, including the BBC.
Google has 73,000 hits as I write, but there is no denial from D-link.

I think it would be reasonable to assume there is a problem if places
like the BBC report it, but never report a denial from the company.
There is no denial of this on the D-link web site.

2) I can understand the logic here, but I would not the toaster/coffee
maker one.
The point isn't that the technical details are equivalent, the point is
you're trying to lay blame onto folks who might think the analogy is
accurate.

I am *not* trying to lay blame on the end users. I feel D-link are to
blame and should pay for their cock-up. If I was an end-user, and it was
not possible to solve it with a firmware upgrade, I'd look at returning
it under a warranty.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.
 
If you can configure the ntp servers, the following will connect you to
a random time server which has no access restrictions.

Worldwide pool.ntp.org
Asia asia.pool.ntp.org
Europe europe.pool.ntp.org
North America north-america.pool.ntp.org
Oceania oceania.pool.ntp.org
South America south-america.pool.ntp.org


I have been looking at my DI-624+:
It has the option to specify a ntp server yourself, so I did that.
However, if in my LAN, I specify the router as ntp server to query
(192.168.0.x), it does not work. Apparently the router does not run an
ntp server to serve your internal lan. (or is this done during a DHCP
lease? Not afaik).
This means all LAN systems have to make their own queries to external
ntp servers, unless I make a server of one of them.
A missed chance, I would say.
 
I have been looking at my DI-624+:
It has the option to specify a ntp server yourself, so I did that.
However, if in my LAN, I specify the router as ntp server to query
(192.168.0.x), it does not work. Apparently the router does not run an
ntp server to serve your internal lan. (or is this done during a DHCP
lease? Not afaik).

Gateway routers are very much made to a price. Before residential DSL
brought the mass market along, those things use to cost big $$ - $2K/3K was
not unusual. Like everything else in the PC business margins are umm,
slim... features too.:-)
This means all LAN systems have to make their own queries to external
ntp servers, unless I make a server of one of them.
A missed chance, I would say.

Yes it is but as I've been saying there's no reason that every ISP should
not have a functional (Stratum-3) NTP server just as they have a DNS
caching server. For a LAN, in the Windows Server world, you need to run
the server as a Domain Controller to get a local (W32Time) time server,
which means running Active Directory, which means you'd have to run DHCP
and DNS servers on a Windows Server too - M$ recommends not having all
those functions on the one server, though many SMBs do. All this is not
something the average home owner really wants to be doing.
 
Yes it is but as I've been saying there's no reason that every ISP should
not have a functional (Stratum-3) NTP server just as they have a DNS
caching server. For a LAN, in the Windows Server world, you need to run
the server as a Domain Controller to get a local (W32Time) time server,
which means running Active Directory, which means you'd have to run DHCP
and DNS servers on a Windows Server too - M$ recommends not having all
those functions on the one server, though many SMBs do. All this is not
something the average home owner really wants to be doing.

Well- exactly the point with more of those little features: I do not
want to use AD on such a small lan- but to use any of those normally
small features, you have to use it. Oh- and no energy saving/sleep
mode anymore.

Before I needed a wireless router, I used a 386sx, 16 mhz pc with 8 mb
ram- and freesco. Life was easy back then ;)
 
Dave said:
Peronsally I think the manufacturer (D-link) should take responsibility.



At the minute users have not been made aware except via news reports and
posts on newsgroups, but in principle they could be notified.

'Could be' but they still had nothing to do with it.
According to The Register

http://www.theregister.co.uk/2006/04/13/d-link_time_row_escelates/

D-link have said they are aware of it and there may be a statement after
Easter.

About time (too good a pun to pass up)
I'm not blaming end users - I think the manufacturer is to blame.

Glad to hear it but your whole argument, after stating 'the problem', has
centered around the end users.
But
end-users are actually using the time servers now. The legal
implications of this in England are far from clear - I have no idea in
another country.

See? After saying you weren't blaming end users you didn't manage even one
more sentence before an implied threat of "legal implications."

In the case of the Danish time-server, it is personally owned by an
individual with an interest in accurate time measurement.

http://people.freebsd.org/~phk/

That's nice.
Well, despite claims on sites like the BBC that there is a problem,
there is a distinct lack of denials from D-link, so you might reasonably
assume there is some truth in this.

Might. Might not. Might not know about it. Might wonder why it's 'their
problem'. Might assume a 'business' is always wrong. Might think it's a
matter for the courts. Might notice that there are tons of accusations and
law suits everyday and not everyone is 'right'. Might imagine that if
they're to do something someone will will at least drop a hint. Lot's of
'mights'.

A technically savvy end-user could determine it for him/her self. They
may be able to inspect the firmware downloaded from the D-link site (as
I did) following the suggestion of the Danish time server owner

Or they could look at their firewall logs which should show the
connections.

"Technically savvy end-user" is almost an oxymoron and most people have
enough things on their plate, some of which they actually care about, to
become 'investigators' over a problem they likely don't understand in the
first place even after being supposedly 'told', much less with a muddy story.

Read the "theregister" link you just posted. There's not the slightest
*hint* the end user is even involved, much less any clue whatsoever they
should 'do' something about it. It's all 'd-link is' this or that. "D-Link
is freeloading..."

They'd have hard enough time getting clueless users to understand the
matter if they *asked* for something. What would you expect the odds to be
when they don't?

Well it has hit the BBC in England, which has a reasonable amount of
respect worldwide - although I am the first to admit this article is not
very well written.

http://news.bbc.co.uk/1/hi/technology/4906138.stm

The technical reasons are not that hard to follow.

No need to: "D-Link is now taking action."

Nothing for the end-user to think about.

Besides, if Mr. Poul-Henning Kamp and his gurus "have no way of figuring it
out" then don't expect the end-user to.
I agree the manufacturer should be responsible, but it is not clear (at
least in England) who is legally responsible.

I'm not a court but, so far, nothing you've posted in the way of 'news' has
even hinted the end-user has been asked to do anything and it's my guess
that you suggesting some unspecified number of end-users 'probably heard
about' the problem and should have then jumped to attention, investigated
the matter, somehow figured out if their router is an affected model then
taught themselves about time servers and router firmware, found a
'solution' and then implemented it, all on their own, even though no one
asked them to do anything, is going to be a hard sell.

D-link have offered some money to the owner of the Danish time-server,
but he feels it is insufficient.

http://people.freebsd.org/~phk/dlink/

Having had dealing with him before and know how much he has contributed
to the FreeBSD project, I know that the extortion D-link claim would not
be valid.

But the manufacturer really can't do much about units in the field
unless the end-user updates firmware.

To me, the only sensible solution now, given many users will not update
firmware, is for D-link to pay the time-server owners for the increased
bandwidth. Then end users don't have to even update the firmware, as
access to the time servers will be allowed.

How the responsible parties resolve, or not, their dispute is their matter.

I agree they may not be aware (but some will be, as a results of posts
like this).

I was dealing with your claimed point that simply because something the
end-user had no knowledge of, nor decision process in, supposedly creates a
'problem' he knows virtually nothing about, and likely wouldn't fully
understand even if they had heard of it, and for which they haven't been
asked to do a blessed thing even if all the rest were known, then that
constitutes sufficient cause to accuse the end-user of "abuse." I'm saying
it doesn't.

There is not. That is why I used the word "should" in there.

But the point was that the hypothetical you proposed is inappropriate
because no such thing has taken place from either the government *or* the
owner of the time server in question, nor from any news article I've seen
you post.
It is not inconceivable that such a request will follow from one of the
many US government time servers being abused.

Actually, it is because they would, at least first, go after the
manufacturer who created the problem.
Not even the owner of the
Danish time-server has requested it.

Precisely, so it's premature, at best, to start accusing end-users of
'abuse' when none one of any authority has asked them to do a blessed thing.

However, more likely the military will move the names and IP address of
their time-servers, alter all the machines that connect to the time
servers, then send D-link the bill. That could be huge.

Not without first contacting d-link to register the complaint and attempt a
resolution.

If I had shares in D-link at the minute I would sell them!!




No, but here it is a bit different.

Which I said in the very next line.
1) The story has hit numerous newsgroups, websites, including the BBC.
Google has 73,000 hits as I write, but there is no denial from D-link.

I think it would be reasonable to assume there is a problem if places
like the BBC report it, but never report a denial from the company.
There is no denial of this on the D-link web site.

2) I can understand the logic here, but I would not the toaster/coffee
maker one.

If you had waiting to respond till you read the next sentence you'd know
that the end-user 'not understanding' was the point. Especially when the
'news' gives no indication of the affected models, does not ask for
anything to be done, and states "D-Link is now taking action."

I am *not* trying to lay blame on the end users.

Then why are you arguing about end-user 'abuse' and how 'they could find
out', should 'do something', and postulate 'legal implications'?
I feel D-link are to
blame and should pay for their cock-up. If I was an end-user, and it was
not possible to solve it with a firmware upgrade, I'd look at returning
it under a warranty.

The typical end-user won't because no one's even hinted they should/could
do anything, much less asked, there's no clue given as to which models are
affected (in the 'news' anyway) and everything 'works fine' as far as they
can tell.
 
Dave said:
Yes I accept that if it only updates once/day. It seems to vary an awful
lot - on some the time server can be configured, on others it can't. On
some the update interval may be configured, on others it may not.

I don't know. What percentage of d-link routers update more or less often?
Because if more are on 24 hours than less then the idea to turn them off
will make his problem worse.

I know mine can not be configured, but I also know all the servers are
open-access, so it is not an issue.

However, many of these D-link products are connecting to US military or
government sites for which access is restricted.

I'm not surprised as the internet is full of examples/tutorials showing
tick and/or tock usno.navy.mil as the server to enter.

These folks are celebrating 8 years of their NTP client product and look at
the example screen shot.

http://www.thinkman.com/dimension4/screenshots.htm

Not only is tick.usno.navy.mil available it's the one in use.

If the product is under warranty and you can't configure it to avoid
restricted time servers, it *might* be possible to get a
refund/replacement - it would depend an awful lot on the law in your
country and/or the dealer you bought it from.

On what basis would you claim it's 'defective'? An unadjudicated complaint
that, according to the 'news' you heard about it from in the first place,
is being dealt with and has no observable impact on your system even if you
had any idea whether yours was 'one of them' or not?
 
David said:
On what basis would you claim it's 'defective'?

IANAL, but I would try arguing that if the device is connecting to time
server(s) for which it has no right to do, then there is a design fault.
An unadjudicated
complaint that, according to the 'news' you heard about it from in the
first place, is being dealt with and has no observable impact on your
system even if you had any idea whether yours was 'one of them' or not?

I did say

" ...and you can't configure it to avoid restricted time servers"

so I had already stated it was "one of them" as you put it.

Even ignoring anything on the usenet/web/BBC etc, if you are technically
savvy (and I accept not many are), you can do all the testing yourself.

1) Put a firewall in place
2) Log packets
3) Determine what the D-link product connects to.
4) Check if those IP addresses allow a device such as what you are using.

It is not particularly difficult. There is no need to cite any document
on the web - of course some information on the web might help your
cause, but it is not actually necessary.




--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.
 
Dave said:
IANAL, but I would try arguing that if the device is connecting to time
server(s) for which it has no right to do, then there is a design fault.

Might get away with it if the store is nice but you seem to think everyone
is as technical as you are and that's even more unlikely at the store than
with the average clueless end-user. Not to mention they'd be making a claim
that isn't 'officially' substantiated.

I just think you're expecting way too much.

I did say

" ...and you can't configure it to avoid restricted time servers"

so I had already stated it was "one of them" as you put it.

Ok, you established an unlikely premise.

Even ignoring anything on the usenet/web/BBC etc, if you are technically
savvy (and I accept not many are), you can do all the testing yourself.

1) Put a firewall in place
2) Log packets
3) Determine what the D-link product connects to.
4) Check if those IP addresses allow a device such as what you are using.

It is not particularly difficult.

For you and I but a big chunk of users don't know their windows logon isn't
the isp logon and the next step up brighter ones don't know why. For them,
and a gaggle of even brighter ones, the 'simple' steps you just listed off
might as well be written in Klingonese.

There is no need to cite any document
on the web - of course some information on the web might help your
cause, but it is not actually necessary.

I'm just being realistic. The average user isn't going to do squat till
someone tells them, in clear terms, that their unit has a problem and what
to do about it; and it better be free, or close to it, because, by golly,
it's PAID FOR. The 'socially conscious' might bother with a web search to
see if their model is affected, check the d-link web site, and/or ask the
store and, if they're brave enough, try a flash, if one is available (what
I did as soon as I read your post. The flash description reads "fixed
ntp."). The 'techno' user might check the admin interface to see what the
setting are (plus above) and then we come to the rare 'uber geekdom' types
who might think it's jolly good fun to 'debug' the thing; your 'simple' steps.

Don't get me wrong, I'm not saying any of them are 'stupid'. It just isn't
the average user's field of expertise nor do they want it to be. It's an
appliance that does something useful and they have no more interest in
dissecting it than they do in dismantling their car motor to see what mains
bearings were installed. It, and the car, are supposed to work and when
they do, 'no problem'. And the only time they've been on the web admin page
is when something didn't work and support told them to, and how, and what
to set; all of which they promptly forget as soon as it began working.

Seriously, the vast majority (not counting in here, of course) don't know,
or care, whether they've got a router, switch, gateway, or a modem combo
'whatever', what the difference is, what's in it, who made it or what model
it is much less whether it's got a... uh.. what? oh yes, a 'time thingie
something or other'.
 
David said:
Might get away with it if the store is nice but you seem to think
everyone is as technical as you are and that's even more unlikely at the
store than with the average clueless end-user. Not to mention they'd be
making a claim that isn't 'officially' substantiated.

Trying to get refunds/replacements is clearly only going to be done by a
very small fraction of users. It might be unnecessary, since if updated
firmware were made available, then flashing the devices should correct it.

But according to the web page Poul-Henning wrote

http://people.freebsd.org/~phk/dlink/

despite the fact D-link were made aware of it in Nov 2005, by 16th March
2006 there were at least 25 products for which firmware files had the
string "GPS.dix.dk" in them.

Clearly D-link have not been working overtime to correct the problem.
Perhaps a few people seeking refunds might hurry them up. If dealers
give refunds on D-link products, they might be inclined to sell less of
them and more Linksys or whatever. So a few refunds here and there might
really worry D-link - far more so than one private individual who owns
an NTP server, who they know can't afford to sue them.
For you and I but a big chunk of users don't know their windows logon
isn't the isp logon and the next step up brighter ones don't know why.

But I did say "for a technically savvy user". I don't know how many
D-link products are about with this problem, but even if 0.5% of the
owners were cable of doing this, it would still be a lot of owners. One
in 200 does not seem unreasonable.
For them, and a gaggle of even brighter ones, the 'simple' steps you
just listed off might as well be written in Klingonese.

As I said, they are simple for a technically savvy user. Of course there
are various degrees of technical ability, but I do not work in IT for a
living but I understand the technical aspects quite well.
I'm just being realistic. The average user isn't going to do squat till
someone tells them, in clear terms, that their unit has a problem and
what to do about it; and it better be free, or close to it, because, by
golly, it's PAID FOR. The 'socially conscious' might bother with a web
search to see if their model is affected, check the d-link web site,
and/or ask the store and, if they're brave enough, try a flash, if one
is available (what I did as soon as I read your post. The flash
description reads "fixed ntp.").


As a matter of interest, what is the date on your firmware file? Within
the last 10 days, which is when this was made public (7th April 2006).
Seriously, the vast majority (not counting in here, of course) don't
know, or care, whether they've got a router, switch, gateway, or a modem
combo 'whatever', what the difference is, what's in it, who made it or
what model it is much less whether it's got a... uh.. what? oh yes, a
'time thingie something or other'.

Yes I agree.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.
 
..and it wouldn't last more than 30 years at that rate! Sheesh!

The modem's only flash device appears to be an Atmel AT45DB161B. Its
datasheet makes no claims as to the minimum number of write/erase
cycles.

By comparison, early AMD flash parts (AM29Fxx) are guaranteed for a
minimum of 100,000 writes. OTOH, some early digital automobile
odometers (eg Ford Australia) use serial EEPROMs (eg Xicor X2444) that
are spec'ed for 1 million store cycles.

I'm not 100% sure that my modem updates the flash memory after *every*
time query. It may be that it updates it only when there is a
significant disparity. What *is* certain is that the modem powers up
with the date and time of the last SNTP enabled session. I can change
the time manually, and the modem will then keep the correct time, but
doing it this way does not update the EEPROM.

- Franc Zabkar
 
I don't know. What percentage of d-link routers update more or less often?
Because if more are on 24 hours than less then the idea to turn them off
will make his problem worse.

FWIW my DI-524 defaults to updating once every 24 hours, with the
option to change this. I now have it set to once every 72 hours and
using the manually entered NTP server address of
"north-america.pool.ntp.org".
 
Dave said:
David Maynard wrote:
Yes I agree.

--
Dave K MCSE.

MCSE = Minefield Consultant and Solitaire Expert.

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually.

I think this is a little strange that everyone on this group, did not
do some research before purchasing a router! I thought that the
carefull research that is done about chips, would carry over into
routers, and internet gear.

Ok maybe someone was going for the cheap solution, and did not eat
their own dog food, but I must say I find that a little bit annoying.
It makes me wonder what other company does this same stuff, without us
knowing about it?

I know my router is set from a site in TW, maybe I will change it, just
to get a better ntp server. I also wonder just how many different
compainies make the hardware, I know a few years ago about two or three
companies where making all the hardware, let other people lable it as
their own brand. It was not uncommon to see the same hardware in four
or five rebadged brands. I also thought it was strange that if one had
a security flaw that all of a sudden you seen multi brand name updates
as well?

I have been using ZyXel; but for the last few years I was unable to
find any firmware updates. My router is a one off 802.11b version and
they don't even list it on their website. At least I can change the ntp
server, but it is buggy, and closed source but it does not drop
connections. I have to factory flash it about once a year, as some bug
in the firmware starts stop access to some sites for no reason, is
fixed with a flash back to factory settings.

Gnu_Raiz
 
The modem's only flash device appears to be an Atmel AT45DB161B. Its
datasheet makes no claims as to the minimum number of write/erase
cycles.

By comparison, early AMD flash parts (AM29Fxx) are guaranteed for a
minimum of 100,000 writes. OTOH, some early digital automobile
odometers (eg Ford Australia) use serial EEPROMs (eg Xicor X2444) that
are spec'ed for 1 million store cycles.

I'm not 100% sure that my modem updates the flash memory after *every*
time query. It may be that it updates it only when there is a
significant disparity. What *is* certain is that the modem powers up
with the date and time of the last SNTP enabled session. I can change
the time manually, and the modem will then keep the correct time, but
doing it this way does not update the EEPROM.

....and those are the *MINIMUM* cycles (most do 10x that these days)
assuming they write back and erase exactly the same sector each time.
Sheesh - twice. Grow up Franc!
 
Dave said:
Trying to get refunds/replacements is clearly only going to be done by a
very small fraction of users. It might be unnecessary, since if updated
firmware were made available, then flashing the devices should correct it.

Not to mention having no real basis for the refund.

But according to the web page Poul-Henning wrote

http://people.freebsd.org/~phk/dlink/

despite the fact D-link were made aware of it in Nov 2005,

Well, someone at D-link was made aware that someone had a complaint but I
seriously doubt that any company, no matter how noble, would, or even
could, drop everything and instantaneously revise their product simply
because someone 'notified' them. Inertia alone would prevent it and all
bets are off once you call a lawyer.
by 16th March
2006 there were at least 25 products for which firmware files had the
string "GPS.dix.dk" in them.

Clearly D-link have not been working overtime to correct the problem.
Perhaps a few people seeking refunds might hurry them up. If dealers
give refunds on D-link products, they might be inclined to sell less of
them and more Linksys or whatever. So a few refunds here and there might
really worry D-link - far more so than one private individual who owns
an NTP server, who they know can't afford to sue them.

It's an interesting theory but you're nibbling at crumbs around the cookie
and apparently expecting some kind of 'popular uprising' but we're not
talking about taxes, nuclear war, or world peace here. Hard enough to get
folks worked up, and agree, about those things but you're asking them to go
through the pain and misery of disrupting their system, then battle the
warranty department, for no discernible benefit to themselves, and over a
matter the 'news' says is already being dealt with.

There just aren't that many Don Quixotes out there.

But I did say "for a technically savvy user". I don't know how many
D-link products are about with this problem, but even if 0.5% of the
owners were cable of doing this, it would still be a lot of owners. One
in 200 does not seem unreasonable.

One can make almost any argument sound 'plausible' if you pre-select the
appropriate assumptions but that doesn't means it's plausible in reality
and while you did say "technically savvy" the premise ignored how many of
them there might be. That's what I was addressing.

I don't know how you arrive at .5% but you then have to multiply that by
the fraction that'll give enough of a whit to exercise that expertise and I
contend the end result would be so small as to not matter.
As I said, they are simple for a technically savvy user. Of course there
are various degrees of technical ability, but I do not work in IT for a
living but I understand the technical aspects quite well.




As a matter of interest, what is the date on your firmware file? Within
the last 10 days, which is when this was made public (7th April 2006).

Well, the date on my "file" is April 16 because that's when I downloaded
it. The web site release date says March 20, two and a half weeks prior to
the 7 April 2006 date. The firmware date reported by the router, however,
is 16 Nov 2005.

So while it seems "clear" to you that d-link wasn't busting their buns to
respond it appears they did at least begin to make changes rather soon
after the complaint. 4 months from change, through qualification testing,
to release sounds a bit long but then I don't know what else was in the
queue and whether mine was the 'first', middle, or last one out.

Oh wait, I noticed the DI-624 was mentioned so I looked it up and the web
site firmware update gives a release date of 12/19/2005 (rev A&B 624) with
"Fixes NTP server issue" in the description, although that one says it's a
beta. Don't see it mentioned for rev C&D.
Yes I agree.

Too bad we'll not likely to hear what the settlement is because some of the
arguments sounded like they could be fun. For example, one of the articles
accused D-link of "freeloading." I mean, besides that being a misleading
way of putting it, d-link was supposedly 'freeloading' on an open access
server that, under proper usage restrictions, is free and run by someone
who's an active member of FreeBSD, an organization which supports the idea
of open source free software. An argument over money around all those
'frees' would just *have* to be fun to hear ;)
 
Tony said:
FWIW my DI-524 defaults to updating once every 24 hours, with the
option to change this. I now have it set to once every 72 hours and
using the manually entered NTP server address of
"north-america.pool.ntp.org".

Good man
 
I think this is a little strange that everyone on this group, did not
do some research before purchasing a router! I thought that the
carefull research that is done about chips, would carry over into
routers, and internet gear.

Ok maybe someone was going for the cheap solution, and did not eat
their own dog food, but I must say I find that a little bit annoying.
It makes me wonder what other company does this same stuff, without us
knowing about it?

I know my router is set from a site in TW, maybe I will change it, just
to get a better ntp server. I also wonder just how many different
compainies make the hardware, I know a few years ago about two or three
companies where making all the hardware, let other people lable it as
their own brand. It was not uncommon to see the same hardware in four
or five rebadged brands. I also thought it was strange that if one had
a security flaw that all of a sudden you seen multi brand name updates
as well?

Anand wrote in an article a few months ago, after visiting one of their
plants, that D-Link was one of the few real mfrs of networking
equipment.:-)
 
George said:
I have to ask what gateway/router
vendors are supposed to program into their devices for "default" NTP
look-up

pool.ntp.org.

And if the unit has any country configuration, XX.pool.ntp.org, where XX
is the country code.
 
Back
Top