From Newsgroup: comp.protocols.time.ntp

--000000000000221b9c0626bbf80d
Content-Type: text/plain; charset="UTF-8"

It seems obvious to me that ntpd should log an error and terminate when it
is unable to adjust the system clock. To my surprise, https://bugs.ntp.org/1433 pointed out that when a Linux ntpd binary built
to use capabilities is run on a kernel build without capability capability, ntpd blithely runs without complaint while effectively doing nothing. For
this specific problem, you could blame the user and say they need to use
ntpd built --without-linux-caps, but there's a more general issue of ntpd
not reporting let alone aborting on a failure to control the clock.

To explain the context a bit, I came across bug 1433 somehow and saw that
in 2019 the decade-old bug was fixed by having ntpd test for whether capabilities work before dropping root (they're needed to crank the clock
when not running as root on Linux). When capabilities do not work, ntpd
was then ignoring the request to drop root and run as a user, typically
"ntp". This meant it was silently opening up an opportunity for more
useful privilege elevation or remote code execution despite the user's
explicit configuration, and that's unacceptable to me. My intention is to change the behavior to error out when controlling the clock fails (via step
or slew). If you think that's a bad idea, please speak up and explain your reasoning.

Cheers,
Dave Hart

--000000000000221b9c0626bbf80d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon= t-family:trebuchet ms,sans-serif">It seems obvious to me that ntpd should l=
og an error and terminate when it is unable to adjust the system clock.=C2=
=A0 To my surprise, <a href=3D"https://bugs.ntp.org/1433" target=3D"_blank"= >https://bugs.ntp.org/1433</a> pointed out that when a Linux ntpd binary bu= ilt to use capabilities is run on a kernel build without capability capabil= ity, ntpd blithely runs without complaint while effectively doing nothing.= =C2=A0 For this specific problem, you could blame the user and say they nee=
d to use ntpd built --without-linux-caps, but there&#39;s a more general is= sue of ntpd not reporting let alone aborting on a failure to control the cl= ock.</div><div class=3D"gmail_default" style=3D"font-family:trebuchet ms,sa= ns-serif"><br></div><div class=3D"gmail_default" style=3D"font-family:trebu= chet ms,sans-serif">To explain the context a bit, I came across bug 1433 so= mehow and saw that in 2019 the decade-old bug was fixed by having ntpd test=
for whether capabilities work before dropping root (they&#39;re needed to = crank the clock when not running as root on Linux).=C2=A0 When capabilities=
do not work, ntpd was then ignoring the request to drop root and run as a = user, typically &quot;ntp&quot;.=C2=A0 This meant it was silently opening u=
p an opportunity for more useful privilege elevation or remote code executi=
on despite the user&#39;s explicit configuration, and that&#39;s unacceptab=
le to me.=C2=A0 My intention is to change the behavior to error out when co= ntrolling the clock fails (via step or slew).=C2=A0 If you think that&#39;s=
a bad idea, please speak up and explain your reasoning.</div><div class=3D= "gmail_default" style=3D"font-family:trebuchet ms,sans-serif"><br></div><di= v><div dir=3D"ltr" class=3D"gmail_signature" data-smartmail=3D"gmail_signat= ure"><div dir=3D"ltr">Cheers,<br>Dave Hart<br></div></div></div></div>
</div>

--000000000000221b9c0626bbf80d--

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: comp.protocols.time.ntp

This is a multi-part message in MIME format. --------------5A229A60BC9936FE21491A6F
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable

Dave Hart wrote:

It seems obvious to me that ntpd should log an error and terminate=20
when it is unable to adjust the system clock.=C2=A0 To my surprise,=20 https://bugs.ntp.org/1433 pointed out that when a Linux ntpd binary=20
built to use capabilities is run on a kernel build without capability=20 capability, ntpd blithely runs without complaint while effectively=20
doing nothing.=C2=A0 For this specific problem, you could blame the use=

r=20

and say they need to use ntpd built --without-linux-caps, but there's=20
a more general issue of ntpd not reporting let alone aborting on a=20
failure to control the clock.

To explain the context a bit, I came across bug 1433 somehow and saw=20
that in 2019 the decade-old bug was fixed by having ntpd test for=20
whether capabilities work before dropping root (they're needed to=20
crank the clock when not running as root on Linux).=C2=A0 When capabili=

ties=20

do not work, ntpd was then ignoring the request to drop root and run=20
as a user, typically "ntp".=C2=A0 This meant it was silently opening up=

an=20

opportunity for more useful privilege elevation or remote code=20
execution despite the user's explicit configuration, and that's=20 unacceptable to me.=C2=A0 My intention is to change the behavior to err=

or=20

out when controlling the clock fails (via step or slew).=C2=A0 If you t=

hink=20

that's a bad idea, please speak up and explain your reasoning.

Cheers,
Dave Hart

I agree, that seems like The Right Thing to do.

Terje
PS. I'm going to retire soon, so my intention is to get back into NTP=20 Hackers work at that point!

--=20
- <Terje@tmsw.no>
"almost all programming can be viewed as an exercise in caching"


--------------5A229A60BC9936FE21491A6F
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF=

</head>
<body text=3D"#000000" bgcolor=3D"#FFFFFF">
<div class=3D"moz-cite-prefix">Dave Hart wrote:<br>
</div>
<blockquote type=3D"cite" cite=3D"mid:CAMbSiYDb+wETmibMR4QauyQ9d3aRGUtRr011U3rnsuwea_HXeA@mail.gmai= l.com">
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3DU= TF-8">
<meta http-equiv=3D"content-type" content=3D"text/html; charset=3DU= TF-8">
<div dir=3D"ltr">
<div dir=3D"ltr">
<div class=3D"gmail_default" style=3D"font-family:trebuchet
ms,sans-serif">It seems obvious to me that ntpd should log
an error and terminate when it is unable to adjust the
system clock.=C2=A0 To my surprise, <a
href=3D"https://bugs.ntp.org/1433" target=3D"_blank"
moz-do-not-send=3D"true">https://bugs.ntp.org/1433</a>
pointed out that when a Linux ntpd binary built to use
capabilities is run on a kernel build without capability
capability, ntpd blithely runs without complaint while
effectively doing nothing.=C2=A0 For this specific problem, y=
ou
could blame the user and say they need to use ntpd built
--without-linux-caps, but there's a more general issue of
ntpd not reporting let alone aborting on a failure to
control the clock.</div>
<div class=3D"gmail_default" style=3D"font-family:trebuchet
ms,sans-serif"><br>
</div>
<div class=3D"gmail_default" style=3D"font-family:trebuchet
ms,sans-serif">To explain the context a bit, I came across
bug 1433 somehow and saw that in 2019 the decade-old bug was
fixed by having ntpd test for whether capabilities work
before dropping root (they're needed to crank the clock when
not running as root on Linux).=C2=A0 When capabilities do not=

work, ntpd was then ignoring the request to drop root and
run as a user, typically "ntp".=C2=A0 This meant it was silen=
tly
opening up an opportunity for more useful privilege
elevation or remote code execution despite the user's
explicit configuration, and that's unacceptable to me.=C2=A0 =
My
intention is to change the behavior to error out when
controlling the clock fails (via step or slew).=C2=A0 If you
think that's a bad idea, please speak up and explain your
reasoning.</div>
<div class=3D"gmail_default" style=3D"font-family:trebuchet
ms,sans-serif"><br>
</div>
<div>
<div dir=3D"ltr" class=3D"gmail_signature"
data-smartmail=3D"gmail_signature">
<div dir=3D"ltr">Cheers,<br>
Dave Hart<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<tt>I agree, that seems like The Right Thing to do.<br>
<br>
Terje<br>
PS. I'm going to retire soon, so my intention is to get back into
NTP Hackers work at that point!<br>
</tt><br>
<pre class=3D"moz-signature" cols=3D"72">--=20
- <a class=3D"moz-txt-link-rfc2396E" href=3D"mailto:Terje@tmsw.no">&lt;Te= rje@tmsw.no&gt;</a>
"almost all programming can be viewed as an exercise in caching"
</pre>
</body>
</html>

--------------5A229A60BC9936FE21491A6F--

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: comp.protocols.time.ntp

--000000000000d8fc360626d64d56
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 14, 2024 at 2:31=E2=80=AFAM Majdi S. Abbas <msa@latt.net> wrote=
:

On Tue, Nov 12, 2024 at 07:10:12PM +0000, Dave Hart wrote:

It seems obvious to me that ntpd should log an error and terminate when

it

is unable to adjust the system clock. To my surprise, https://bugs.ntp.org/1433 pointed out that when a Linux ntpd binary

built

to use capabilities is run on a kernel build without capability

capability,

ntpd blithely runs without complaint while effectively doing nothing.

For

this specific problem, you could blame the user and say they need to us=

e

ntpd built --without-linux-caps, but there's a more general issue of nt=

pd

not reporting let alone aborting on a failure to control the clock.

Note that widely used operating systems, like Apple's OS X, run
ntpd as a monitoring service that explicitly does not/cannot discipline
the clock.

I've also heard of people explicitly running ntpd to monitor and
log statistics, without wanting it to discipline the clock.

Perhaps the cleanest way to do this is add a flag to run the
daemon without attempting to discipline the clock?

I believe that flag is already there, "disable ntp". I haven't used it
though.

Cheers,
Dave Hart

--000000000000d8fc360626d64d56
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div><div class=3D"gmail_default" style= =3D"font-family:&quot;trebuchet ms&quot;,sans-serif"></div></div></div><div=
class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Thu, Nov 14=
, 2024 at 2:31=E2=80=AFAM Majdi S. Abbas &lt;<a href=3D"mailto:msa@latt.net= ">msa@latt.net</a>&gt; wrote:<br></div><blockquote class=3D"gmail_quote" st= yle=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padd= ing-left:1ex">On Tue, Nov 12, 2024 at 07:10:12PM +0000, Dave Hart wrote:<br=

&gt; It seems obvious to me that ntpd should log an error and terminate whe=
n it<br>
&gt; is unable to adjust the system clock.=C2=A0 To my surprise,<br>
&gt; <a href=3D"https://bugs.ntp.org/1433" rel=3D"noreferrer" target=3D"_bl= ank">https://bugs.ntp.org/1433</a> pointed out that when a Linux ntpd binar=
y built<br>
&gt; to use capabilities is run on a kernel build without capability capabi= lity,<br>
&gt; ntpd blithely runs without complaint while effectively doing nothing.= =C2=A0 For<br>
&gt; this specific problem, you could blame the user and say they need to u= se<br>
&gt; ntpd built --without-linux-caps, but there&#39;s a more general issue =
of ntpd<br>
&gt; not reporting let alone aborting on a failure to control the clock.<br=


=C2=A0 =C2=A0 =C2=A0 =C2=A0 Note that widely used operating systems, like A= pple&#39;s OS X, run<br>
ntpd as a monitoring service that explicitly does not/cannot discipline<br>
the clock.<br>

=C2=A0 =C2=A0 =C2=A0 =C2=A0 I&#39;ve also heard of people explicitly runnin=
g ntpd to monitor and<br>
log statistics, without wanting it to discipline the clock.<br>

=C2=A0 =C2=A0 =C2=A0 =C2=A0 Perhaps the cleanest way to do this is add a fl=
ag to run the<br>
daemon without attempting to discipline the clock?<br></blockquote><div><br= ></div><div class=3D"gmail_default" style=3D""><span style=3D"font-family:&= quot;trebuchet ms&quot;,sans-serif">I believe that flag is already there, &= quot;</span><font face=3D"monospace">disable ntp&quot;</font><font face=3D"= trebuchet ms, sans-serif">.=C2=A0 I haven&#39;t used it though.</font></div= ><div class=3D"gmail_default" style=3D""><div><br></div><div><div dir=3D"lt=
r" class=3D"gmail_signature"><div dir=3D"ltr"><font face=3D"tahoma, sans-se= rif" color=3D"#666666">Cheers,<br>Dave Hart</font></div></div></div><br cla= ss=3D"gmail-Apple-interchange-newline"></div></div></div>

--000000000000d8fc360626d64d56--

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: comp.protocols.time.ntp

On Tue, Nov 12, 2024 at 07:10:12PM +0000, Dave Hart wrote:

It seems obvious to me that ntpd should log an error and terminate when it
is unable to adjust the system clock. To my surprise, https://bugs.ntp.org/1433 pointed out that when a Linux ntpd binary built
to use capabilities is run on a kernel build without capability capability, ntpd blithely runs without complaint while effectively doing nothing. For this specific problem, you could blame the user and say they need to use
ntpd built --without-linux-caps, but there's a more general issue of ntpd
not reporting let alone aborting on a failure to control the clock.

Note that widely used operating systems, like Apple's OS X, run
ntpd as a monitoring service that explicitly does not/cannot discipline
the clock.

I've also heard of people explicitly running ntpd to monitor and
log statistics, without wanting it to discipline the clock.

Perhaps the cleanest way to do this is add a flag to run the
daemon without attempting to discipline the clock?

--msa

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: comp.protocols.time.ntp

On 11/13/2024 6:35 PM, Dave Hart wrote:

On Thu, Nov 14, 2024 at 2:31rC>AM Majdi S. Abbas <msa@latt.net <mailto:msa@latt.net>> wrote:

On Tue, Nov 12, 2024 at 07:10:12PM +0000, Dave Hart wrote:
> It seems obvious to me that ntpd should log an error and
terminate when it
> is unable to adjust the system clock.-a To my surprise,
> https://bugs.ntp.org/1433 <https://bugs.ntp.org/1433> pointed out
that when a Linux ntpd binary built
> to use capabilities is run on a kernel build without capability
capability,
> ntpd blithely runs without complaint while effectively doing
nothing.-a For
> this specific problem, you could blame the user and say they need
to use
> ntpd built --without-linux-caps, but there's a more general issue
of ntpd
> not reporting let alone aborting on a failure to control the clock.

-a -a -a -a Note that widely used operating systems, like Apple's OS X, run
ntpd as a monitoring service that explicitly does not/cannot discipline
the clock.

-a -a -a -a I've also heard of people explicitly running ntpd to
monitor and
log statistics, without wanting it to discipline the clock.

-a -a -a -a Perhaps the cleanest way to do this is add a flag to run the
daemon without attempting to discipline the clock?

I believe that flag is already there, "disable ntp".-a I haven't used it though.

To be clear, deciding when ntpd should abort if it cannot discipline the
clock should be done at the "right" place in the code - not too early,
and not too late.

Cheers,
Dave Hart

--
Harlan Stenn <stenn@nwtime.org>
https://www.nwtime.org/ - be a member!

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: comp.protocols.time.ntp

--000000000000ca93730626db89e7
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Nov 14, 2024 at 7:04=E2=80=AFAM Harlan Stenn <stenn@nwtime.org> wro= te:

To be clear, deciding when ntpd should abort if it cannot discipline the clock should be done at the "right" place in the code - not too early,
and not too late.

Well, Goldilocks, it seems obvious to me -- when an attempt to modify the system time/clock rate fails.

Cheers,
Dave Hart

--000000000000ca93730626db89e7
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div><div class=3D"gmail_default" style= =3D"font-family:&quot;trebuchet ms&quot;,sans-serif"></div></div></div><br>= <div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On Thu, No=
v 14, 2024 at 7:04=E2=80=AFAM Harlan Stenn &lt;<a href=3D"mailto:stenn@nwti= me.org">stenn@nwtime.org</a>&gt; wrote:<br></div><blockquote class=3D"gmail= _quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204= ,204);padding-left:1ex">To be clear, deciding when ntpd should abort if it = cannot discipline the <br>
clock should be done at the &quot;right&quot; place in the code - not too e= arly, <br>
and not too late.<br></blockquote><div><br></div><div class=3D"gmail_defaul=
t" style=3D"font-family:&quot;trebuchet ms&quot;,sans-serif">Well, Goldiloc= ks, it seems obvious to me -- when an attempt to modify the system time/clo=
ck rate fails.</div><div><div dir=3D"ltr" class=3D"gmail_signature"><div di= r=3D"ltr"><div><font face=3D"tahoma, sans-serif" color=3D"#666666"><br></fo= nt></div><font face=3D"tahoma, sans-serif" color=3D"#666666">Cheers,<br>Dav=
e Hart</font></div></div></div><br class=3D"gmail-Apple-interchange-newline= "></div></div>

--000000000000ca93730626db89e7--

--- Synchronet 3.21d-Linux NewsLink 1.2

From Newsgroup: comp.protocols.time.ntp

--------------AfEcBvlq5rFiTPGj2jj3RC0c
Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit

Solaris also has a monitor mode for NTP. When that mode is invoked, we explicitly drop the privilege needed to adjust the clock. Another
situation is if ntpd is run in a Solaris zone (similar to a Linux
container). By default these zones don't have the privilege needed to
set the clock.-a In a perfect world, ntpd would exit abnormally with an
error message when it is run in a zone without the priv to set the clock
and when run in monitor mode, the ntp.conf file would always contain
"disable ntp". However, I can't control what the admin puts into the
ntp.conf file. Further, it can be convenient to be able to switch
between the two modes without-a having to change the ntp.conf file.

What we actually do is report the error once the first time, and if it persists, stop trying to set the clock. When in monitor mode, we set an environment variable to suppress reporting the error the first time.

That being said, I am sure I can work around whatever you put into the
code, as I am doing now. Indeed, perhaps a better approach would be to
set "disable ntp" when ntpd sees the environment variable.


On 11/14/2024 3:49 AM, Dave Hart wrote:

On Thu, Nov 14, 2024 at 7:04rC>AM Harlan Stenn <stenn@nwtime.org> wrote:

To be clear, deciding when ntpd should abort if it cannot
discipline the
clock should be done at the "right" place in the code - not too
early,
and not too late.

Well, Goldilocks, it seems obvious to me -- when an attempt to modify
the system time/clock rate fails.

Cheers,
Dave Hart

--
--
I haven't lost my mind, it is backed up in the cloud somewhere.

Oracle <http://www.oracle.com>
Brian Utterback, Principal Software Engineer
Phone: +16038973049 <tel:+16038973049>, Mobile: +16035577683 <tel:+16035577683>
https://oracle.zoom.us/s/2728168892
One Oracle Drive, Nashua, NH 03062

--------------AfEcBvlq5rFiTPGj2jj3RC0c
Content-Type: multipart/related;
boundary="------------XuGIJiSdHYVEpWmHMdkdefPH"

--------------XuGIJiSdHYVEpWmHMdkdefPH
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit

<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
Solaris also has a monitor mode for NTP. When that mode is invoked,
we explicitly drop the privilege needed to adjust the clock. Another
situation is if ntpd is run in a Solaris zone (similar to a Linux
container). By default these zones don't have the privilege needed
to set the clock.&nbsp; In a perfect world, ntpd would exit abnormally
with an error message when it is run in a zone without the priv to
set the clock and when run in monitor mode, the ntp.conf file would
always contain &quot;disable ntp&quot;. However, I can't control what the
admin puts into the ntp.conf file. Further, it can be convenient to
be able to switch between the two modes without&nbsp; having to change
the ntp.conf file. <br>
<br>
What we actually do is report the error once the first time, and if
it persists, stop trying to set the clock. When in monitor mode, we
set an environment variable to suppress reporting the error the
first time. <br>
<br>
That being said, I am sure I can work around whatever you put into
the code, as I am doing now. Indeed, perhaps a better approach would
be to set &quot;disable ntp&quot; when ntpd sees the environment variable. <br>
<br>
<br>
<div class="moz-cite-prefix">On 11/14/2024 3:49 AM, Dave Hart wrote:<br>
</div>
<blockquote type="cite" cite="mid:CAMbSiYBwjOkQsUNdUT0J0_7xFRZOwjgCCufU8QFDRSYMQ2FUEA@mail.gmail.com">

<div dir="ltr"><br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Thu, Nov 14, 2024 at
7:04rC>AM Harlan Stenn &lt;<a href="mailto:stenn@nwtime.org" moz-do-not-send="true" class="moz-txt-link-freetext">stenn@nwtime.org</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">To
be clear, deciding when ntpd should abort if it cannot
discipline the <br>
clock should be done at the &quot;right&quot; place in the code - not
too early, <br>
and not too late.<br>
</blockquote>
<div><br>
</div>
<div class="gmail_default" style="font-family:&quot;trebuchet ms&quot;,sans-serif">Well,
Goldilocks, it seems obvious to me -- when an attempt to
modify the system time/clock rate fails.</div>
<div>
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<div><font face="tahoma, sans-serif" color="#666666"><br>
</font></div>
<font face="tahoma, sans-serif" color="#666666">Cheers,<br>
Dave Hart</font></div>
</div>
</div>
<br class="gmail-Apple-interchange-newline">
</div>
</div>
</blockquote>
<br>
<div class="moz-signature">-- <br>
-- <br>
<font color="#666666" face="Verdana, Arial, Helvetica, sans-serif" size="2">I haven't lost my mind, it is backed up in the cloud
somewhere.</font>
<p><font color="#666666" face="Verdana, Arial, Helvetica, sans-serif" size="2"></font>
<a href="http://www.oracle.com" target="_blank"><img src="cid:part1.W1HLnCq1.9YoAz4nf@oracle.com" alt="Oracle" width="114" height="26" border="0"></a><br>
<font color="#312D2A" size="2" face="Oracle Sans, Verdana, Arial, Helvetica, sans-serif">Brian
Utterback, Principal Software Engineer<br>
Phone: <a href="tel:+16038973049" moz-do-not-send="true">+16038973049</a>,
Mobile: <a href="tel:+16035577683" moz-do-not-send="true">+16035577683</a>
<br>
<a href="https://oracle.zoom.us/s/2728168892" moz-do-not-send="true" class="moz-txt-link-freetext">https://oracle.zoom.us/s/2728168892</a><br>
One Oracle Drive, Nashua, NH 03062</font>
<br>
<!-- This signature was generated by the MyDesktop Oracle Business Signature utility version 7.0.200 -->
<!-- Sent through Thunderbird on my laptop -->
</p>
</div>
</body>
</html>
--------------XuGIJiSdHYVEpWmHMdkdefPH
Content-Type: image/png; name="oracle-signature.png"
Content-Disposition: inline; filename="oracle-signature.png"
Content-Id: <part1.W1HLnCq1.9YoAz4nf@oracle.com>
Content-Transfer-Encoding: base64

iVBORw0KGgoAAAANSUhEUgAAAdsAAABtCAMAAADeQDvaAAAAM1BMVEX////HRjTHRjTHRjTHRjTH RjTHRjTHRjTHRjTHRjTHRjTHRjTHRjTHRjTHRjTHRjTHRjRvzzViAAAAEHRSTlMAQBAgMKDA8JBQ gNBgsHDg4F7WEgAAAAFvck5UAc+id5oAAAksSURBVHja7V3tguo4CLXRfthWnfd/2p1RqxCgSQDv 7N7l/HQ0Tc8hhBCSORwC/0901Uilpo71bQGcDH3vh3EcJkMLTQS8Opt8um/nUJbkPA/jVwuWfj3u 9Gtuagw0q1PntGwNXIpm50TA1/lhDuCTwU/Wa7+09UZ69vmiFOIqEqnV9hu3a7M8K5BlVBiHhoDL 4VPaHudbe3fYgZY0Lb3QC4PXoO23PGsbGSf860bT0BEwHj+kbacaaDMrQqMnqlTXpO03S036ZO7r 0sTlVUfAdZPCV9vjoOrNwhmJZcw+MV6Zho3aNnlW8qyu/rdd47RGZHTVNmlpY954sit7fyc6dK3a fo3nalMnv71Vj3p1N19v7KntSWloXxO1Em1TVAhiN2Zt60cu48Wmul8mnQP8gtObo7ardnqktnxy 8Mcv5NGPXdtXtFLAlfttlV2ohwmc3vy01VNGXNzJGkRhrF4dZRmUcRy1PzUQAEzHTdte3RsSOzpL m4vroS0f2Ge4aH9qIAC6fC9t9aEPWfPxc+04VIF35mjOhdouda0OS7HXFGfphUsO3UAASn05abuy b1HFHEkG0Chi7M/1i8puptQgOqG21UuStGZWUxx9SRx8JZ6NBLyZcNH2RF9guSrT08Rl3hpTQd/d IRPEIjygYbmZdWwsfX3Hk10bnqMi4AEXbRPxhH1dIMkgN5PWJN8DJIcChplW20OHRmKhXx16/IT6 s+vQfQjIu6DWNg8aLmpliUPS7p2Q9ce7S2pt8cxTSB8ic78lHDPv/daLAB9tsYk2pG1K9NWFowKy YPNNp15bZMT7Thk71jPzwccJcNEWe+TFtA2M21K7ox9k4r5kNGiLcoh7zgk71gt5Mzn16EiAg7bY 0ha9DyFtWYz2kIvbbx8btEXbOl3l955RejYB/wECHLRFlta6Q7nHSduGGAO8wtzGmUXbuY54PNk/ w2IcvAtP9iTAri0m0FaXg1yZ0Ux+gNYhmxYWbTumPQocOG3rL7zgvX2eALu2KEg2elGkhWmuYejc 2Py8tjjUfZl7hb91JcCsbSobYz1u1t7kmBmSLdpCJzXXfAl9TdBcIMBKpl1bZIytVGVAHslh2GYD 9znvec23UnYp873AseLomaH76EqAWVsYIVgtbXVs6wno5J6hyafj5J2YCS9yqXFAAopJzSLM2kIv YrU0yEplfUIJcKg8zcWgLVrHHCu+k4W6ODlLN4SgJfYHK6zaoun2rKrYfxe9w/nIktyCgA7y8YlB W9hBwbGk3SUhFn7Ya99OgFXbLN+owzZGoQ72BRCl66GkXlu0bBXGFd7+IW4Xp95z/XwJsGrLb9y2 4RVuwM/Mb/YEVVKtLX5XflyVwiUcaOXDGv7J/upWbT0KVF4sGftS7OBKPmnQNuERKRgfrgtgpmSc ssoGvy8B/wJtX+EGnLvdtKXZBpW2pykro+BXt3P5O1h91AFnAn5f27df+si5swptU18s/CG95jdy jq1pRdyOMwG/ry1YOH1CWzhJSuNWUenOz7bYBgSngH07Wuv9ZdrCh35C26pYKrUeUON3aHCwJS1Q swokmHr8u7RF63f4By9tYT5kJ05uK6/mN6n3Y+A3cL4Zlun5EvDb2qIFIDRoQ8kVAnS3J1nbpsWc cB5of+0KgF33vNfZ39TWmLvAByjgO7tsFWR5s8OOtg3HmQRp8XDcIxOHXMB1QQL2C13/hLYo6qss 0gfALEHWzUUXT8WoIUlroNqTGgvvUkq5YulFIe++BJjDbthJqxtBlu/jlOFI6CmBKJStOzw3CfMo Dn8LRQr4Sa8h6kuAWVtInnXvJjWwUwe0IfqcAeXcRcVaaJCyHXhyKh3Ww99+hV2+BJi1nbk+ajF4 NvYDFN4k2uNMqVQIly9yHitPN037k5FQPO1KgFlbNOFaTQ0lWx12cDuOwN2co3yKZ+nXHbLxDDq1 BplbUF2z06R6e91yGYYQlefJRSCfZK3QycObLfLezyeTtVBfc60avtjinkhsOrW6pR5dCbBriyzW mk1BPtHslHBrXIcZ9s55uFzjjPCK9T4KU9O9DhPbZRsBdm2xyVqPAqDGbGcUpMi1tA9E1kJ9sRt4 4465lq2MjmPTRoDD1gOOP4w5h4vfu2XnZRP3Oev1jnm4XOqGkItoSlJvkXXf9ORdOGibXaJkEzdr zHBwLAt532me8v4tWQsVLh268E9KTddWzN4EuGwZ9mwnlcgS1KMy9ZbnIRb+CXV1qIVzp2LuX7rx ggdTGm8g4OCjbW6fgyVaJiHIoIgW0yQQl5Mntk32QGSKs9eHA63pArAn/cRpaAi4w2WrP7fPcTZM E/TujKH17lOagYC+pK6mhq6FpG/uJBuPTV75KhOg4tOnjIOQOU76scvttl3mrqtoMXXdtWfWHijv Xlkv1eW6CHENDoezWhv2ZjgJWxDGETDM5xoCxJ4tusrxxCdib/2103kT/TVkArAqtbVwZC10Y+Ma bEqNb8ycr3chYKVWp8F9cdHmfDjAwjFncbMBV13nSMNl5ut4Ym7emOOvwbAS8PDAdm2vvJG3AtHm Km7uS+trWOllqGTmt91rLh4xMRJw9NF2m6SN4mYbA063J/+ATJMt9cmE4zyiwuor1itnvnlTrdIz nrNq+94d0F8L+8UYvPrC3hw0vG2qPSfBEL7SHv/ZvAEOOmQgYFthW7UFltpcCApAUwNHl9uxuZxD 27kCErTCTFEWZqjWBswW0uNz9e3Y20u51rIp/3eCEIKoW3uDzfI3nhkhkw2IqMSCxRaI50yUBLym t6T6+QvZqkBpa8K2bzL+oxEhodN6Hohewr5FVHiu1B49lGvRVQSAFbZ65P+AWmqnaU8MQQz/IGjs pSx781kvunp/DI0kXDzXCrkWXUMA6IZlZcpWfLX/g6DdEOQ0KeQdLztZuvZzfLSM6n6DJv7UUAGz 69pPU1PkgaY3w/99EJhJa5u8pRDkeJ7LJ+3eV3/P6/6+2CrWR8sglW3TzwSEYEih45bozaupqycA /zhd22vG79iLHU7rXNuMvYA+EAgEAoFAIBAIBAKBQCAQCAQCgUAgEAgEAoFAIBAIBAKBQCAQCAQC gUAgEAgEAoFAIBAIBAKBQCAQCAQCgUAgEAgEAoFAIBAIBP4T+Ac9bumbta5LSQAAAABJRU5ErkJg gg==

--------------XuGIJiSdHYVEpWmHMdkdefPH--

--------------AfEcBvlq5rFiTPGj2jj3RC0c--

--- Synchronet 3.21d-Linux NewsLink 1.2