dnssec the sysadmin has some idea what's going on in logs, and
"aggressive-nsec: yes", if we're using dnssec anyway we might as well
get the benefits. These were both enabled last time dnssec was enabled
in this sample unbound.conf.
ok florian@
things and can easily exceed the previous 1.5GB limit.
(obviously, as with amd64, machines with less physical RAM won't cope with
building the largest ports).
ok deraadt phessler millert kettenis
as found the hard way by d.rauschenb@gmail on an old fujitsu siemens
machine, reading all of hw (notable hw.setperf) can have unexpected
side-effects. ok deraadt
as a one-shot at boot without more complex kernel work, and also includes
some serial numbers/guids which may add a little more entropy e.g. for
systems where /etc/random.seed may be known (e.g. cloned disk images).
"why not" deraadt@
violations in system accounting. This will help to find missbehaving
programs and possible attacks. The flags bit field is full, so
recycle the PDP-11 compatibility on VAX. lastcomm(1) prints the
AMAP flag as 'M'. daily(8) prints a list of affected processes.
OK deraadt@
in the default smtpd.conf and smtpd.conf(5) manual page. This
eliminates ambiguity in our documentation examples that can cause
confusion.
Input and OK deraadt@ schwarze@ kn@
The firmware on OCTEON machines usually does not provide an interface
for accessing devices, which has made it tricky to implement an OpenBSD
bootloader. To solve this device access problem, this new loader has
been built on top of a small kernel. The kernel provides all the
necessary devices drivers, while most of the usual bootloader logic
is in a userspace program in a ramdisk.
The loader program is accompanied by a special device, octboot(4).
The main purpose of this device is to implement a mechanism for
loading and launching kernels. The mechanism has been inspired by Linux'
kexec(2) system call.
The bootloader will be enabled later when it is ready for general use.
Discussed with deraadt@
Note that, at this time, Unbound does not re-use TLS connections
(https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=4089) so the
TCP and TLS handshakes will cause a disproportiate increase in
latency compared to UDP. ok sthen@ florian@
- Cloudflare have very good adjacency (if PCH did anycast ntp, we'd use it)
- As ntp input, it is great they don't leapsmear
- Not all their nodes do ntp, hope they succeed at scaling that up
- ntpd constrains (un-auth) ntp packets within a TLS constraint window
so there is no downside (unlike pool.ntp entries which slowly decay
but that's a story for another commit..)
ok otto
for anything other than a regular old mouse, X needs to be able to
directly talk to the device and newer machines can have all kinds of
touchscreens, pen devices, touchpads, etc.
ok deraadt