Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It really depends what the 'threat model' is.

If you are creating, for instance, an idle game where the user can pay to skip time; that's a problem.

If you are doing cryptographic checks dependent on time, that's a big deal (eg: how do we handle when the client or service goes "wtf, no. That's the wrong time")



This is my issue with a lot of technical aspects of software engineering.

I can read and understand about clock drift, vector clocks etc.

But I sometimes struggle to align that with real world design and architecture.

An IoT device reported an event happened at t=1, but t is not accurate. Ok, so? What exactly can I do about that?


In that case, the best you can hope for is to centralize time on the server. The IoT devices can keep local differential time or contact the server (or a log server or somewhere else) at the time of the event. It's kind of messy, since you are asking to trust a client's data, which is untrustworthy.


> If you are creating, for instance, an idle game where the user can pay to skip time; that's a problem.

This statement is also true in isolation.


Have had plenty of problems with WPA-Enterprise auth refusing to join a wifi network on account of a wildly wrong computer time. Which in turn means that the computer can't get a correct time on account of not being able to ask an NTP server.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: