===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/60.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -c -r1.13 -r1.14
*** www/60.html	2016/07/21 22:31:36	1.13
--- www/60.html	2016/07/22 17:49:04	1.14
***************
*** 135,140 ****
--- 135,149 ----
      <li>Remove
          <a href="http://man.openbsd.org/OpenBSD-5.9/systrace">systrace</a>.
      <li>Remove Linux emulation support.
+     <li>The TCP SYN cache does reseed its random hash function from
+         time to time.
+         This prevents that an attacker can figure out the distribution
+         of the hash function with a timing attack.
+     <li>To work against SYN flooding attacks the administrator can
+         change the size of the hash array now.
+         <a href="http://man.openbsd.org/netstat.1">netstat(1)<a>
+         <tt>-s -p tcp</tt> shows the relevant information to tune
+         the SYN cache.
      <li>...
      </ul>
  <p>
***************
*** 194,199 ****
--- 203,217 ----
          <a href="http://man.openbsd.org/wall.1">wall(1)</a>.
      <li>Handle the <a href="http://man.openbsd.org/?apropos=1&amp;query=Ev%3DCOLUMNS">COLUMNS</a>
          environment variable consistently across many programs.
+     <li>The options <tt>-c</tt> and <tt>-k</tt> allow to provide
+         TLS client certificates for
+         <a href="http://man.openbsd.org/syslogd.8">syslogd(8)</a>
+         on the sending side.
+         With that the receiving side can check wether log messages
+         are authentic.
+         Note that syslogd does not have this check feature yet.
+     <li>When the klog buffer overflows, syslogd will write a log
+         message to show that some entries is missing.
      <li>...
      </ul>
  <p>