mirror of
https://git.FreeBSD.org/src.git
synced 2025-01-11 14:10:34 +00:00
Spelling: s/then/than/ where appropriate.
This commit is contained in:
parent
dcce7232ef
commit
074ad11567
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=108260
@ -136,7 +136,7 @@ for further information.
|
||||
Region is not included in a core file.
|
||||
.It Dv MAP_NOSYNC
|
||||
Causes data dirtied via this VM map to be flushed to physical media
|
||||
only when necessary (usually by the pager) rather then gratuitously.
|
||||
only when necessary (usually by the pager) rather than gratuitously.
|
||||
Typically this prevents the update daemons from flushing pages dirtied
|
||||
through such maps and thus allows efficient sharing of memory across
|
||||
unassociated processes using a file-backed shared memory map.
|
||||
@ -175,7 +175,7 @@ The same applies when using
|
||||
to implement a file-based shared memory store.
|
||||
It is recommended that you create the backing store by
|
||||
.Fn write Ns ing
|
||||
zero's to the backing file rather then
|
||||
zero's to the backing file rather than
|
||||
.Fn ftruncate Ns ing
|
||||
it.
|
||||
You can test file fragmentation by observing the KB/t (kilobytes per
|
||||
@ -200,7 +200,7 @@ system call is obsolete since
|
||||
implements a coherent file system buffer cache.
|
||||
However, it may be
|
||||
used to associate dirty VM pages with file system buffers and thus cause
|
||||
them to be flushed to physical media sooner rather then later.
|
||||
them to be flushed to physical media sooner rather than later.
|
||||
.It Dv MAP_PRIVATE
|
||||
Modifications are private.
|
||||
.It Dv MAP_SHARED
|
||||
|
@ -134,7 +134,7 @@ seconds
|
||||
.Em between sending each packet .
|
||||
The default is to wait for one second between each packet.
|
||||
The wait time may be fractional, but only the super-user may specify
|
||||
values less then 1 second.
|
||||
values less than 1 second.
|
||||
This option is incompatible with the
|
||||
.Fl f
|
||||
option.
|
||||
|
@ -164,7 +164,7 @@ other side of the mirror.
|
||||
Currently
|
||||
.Nm
|
||||
uses a dual seek zone model to optimize reads for a multi-tasking load
|
||||
rather then a sequential load.
|
||||
rather than a sequential load.
|
||||
.Pp
|
||||
In an event of a disk
|
||||
failure, you can use
|
||||
|
@ -172,7 +172,7 @@ by
|
||||
.Va i_data
|
||||
and
|
||||
.Va i_len .
|
||||
The length should be no longer then 32 characters.
|
||||
The length should be no longer than 32 characters.
|
||||
.It Dv IEEE80211_IOC_WEP
|
||||
Set the current WEP mode to the value given in
|
||||
.Va i_val .
|
||||
|
@ -341,7 +341,7 @@ effectively disables the algorithm.
|
||||
This puts an upper bound on the bandwidth delay product window, in bytes.
|
||||
This value should not generally be modified but may be used to set a
|
||||
global per-connection limit on queued data, potentially allowing you to
|
||||
intentionally set a less then optimum limit to smooth data flow over a
|
||||
intentionally set a less than optimum limit to smooth data flow over a
|
||||
network while still being able to specify huge internal TCP buffers.
|
||||
.It tcp.inflight_stab
|
||||
The bandwidth delay product algorithm requires a slightly larger window
|
||||
|
@ -74,7 +74,7 @@ nearly impossible to stop short of cutting your system off from the Internet.
|
||||
It may not be able to take your machine down, but it can fill up Internet
|
||||
pipe.
|
||||
.Pp
|
||||
A user account compromise is even more common then a D.O.S. attack. Many
|
||||
A user account compromise is even more common than a D.O.S. attack. Many
|
||||
sysadmins still run standard telnetd, rlogind, rshd, and ftpd servers on their
|
||||
machines. These servers, by default, do not operate over encrypted
|
||||
connections. The result is that if you have any moderate-sized user base,
|
||||
@ -174,7 +174,7 @@ to root without having to place anyone at all in the wheel group. This
|
||||
may be the better solution since the wheel mechanism still allows an
|
||||
intruder to break root if the intruder has gotten hold of your password
|
||||
file and can break into a staff account. While having the wheel mechanism
|
||||
is better then having nothing at all, it isn't necessarily the safest
|
||||
is better than having nothing at all, it isn't necessarily the safest
|
||||
option.
|
||||
.Pp
|
||||
An indirect way to secure the root account is to secure your staff accounts
|
||||
@ -276,7 +276,7 @@ Still, root holes are occasionally found in these binaries. A root hole
|
||||
was found in Xlib in 1998 that made xterm
|
||||
(which is typically suid)
|
||||
vulnerable.
|
||||
It is better to be safe then sorry and the prudent sysadmin will restrict suid
|
||||
It is better to be safe than sorry and the prudent sysadmin will restrict suid
|
||||
binaries that only staff should run to a special group that only staff can
|
||||
access, and get rid of
|
||||
.Pq Li "chmod 000"
|
||||
@ -369,7 +369,7 @@ while it may protect the files, it also closes a detection window. The
|
||||
last layer of your security onion is perhaps the most important - detection.
|
||||
The rest of your security is pretty much useless (or, worse, presents you with
|
||||
a false sense of safety) if you cannot detect potential incursions. Half
|
||||
the job of the onion is to slow down the attacker rather then stop him
|
||||
the job of the onion is to slow down the attacker rather than stop him
|
||||
in order to give the detection side of the equation a chance to catch him in
|
||||
the act.
|
||||
.Pp
|
||||
@ -413,7 +413,7 @@ such as
|
||||
and
|
||||
.Pa /usr
|
||||
.Pp
|
||||
When using ssh rather then NFS, writing the security script is much more
|
||||
When using ssh rather than NFS, writing the security script is much more
|
||||
difficult. You essentially have to
|
||||
.Pa scp
|
||||
the scripts to the client box in order to run them, making them visible, and
|
||||
@ -608,7 +608,7 @@ with
|
||||
These routes typically timeout in 1600
|
||||
seconds or so. If the kernel detects that the cached route table has gotten
|
||||
too big it will dynamically reduce the rtexpire but will never decrease it to
|
||||
less then rtminexpire. There are two problems: (1) The kernel does not react
|
||||
less than rtminexpire. There are two problems: (1) The kernel does not react
|
||||
quickly enough when a lightly loaded server is suddenly attacked, and (2) The
|
||||
rtminexpire is not low enough for the kernel to survive a sustained attack.
|
||||
If your servers are connected to the internet via a T3 or better it may be
|
||||
|
@ -496,7 +496,7 @@ Many people also enforce artificial
|
||||
bandwidth limitations in order to ensure that they are not charged for
|
||||
using too much bandwidth.
|
||||
.Pp
|
||||
Setting the send or receive TCP buffer to values larger then 65535 will result
|
||||
Setting the send or receive TCP buffer to values larger than 65535 will result
|
||||
in a marginal performance improvement unless both hosts support the window
|
||||
scaling extension of the TCP protocol, which is controlled by the
|
||||
.Va net.inet.tcp.rfc1323
|
||||
|
@ -75,7 +75,7 @@ the child devices will be automatically probed and attached.
|
||||
A value equal to or less than zero indicates success, greater than
|
||||
zero indicates an error (errno). For values equal to or less than
|
||||
zero: zero indicates highest priority, no further probing is done;
|
||||
for a value less then zero, the lower the value the lower the
|
||||
for a value less than zero, the lower the value the lower the
|
||||
priority, e.g. -100 indicates a lower priority than -50.
|
||||
.Sh SEE ALSO
|
||||
.Xr device 9 ,
|
||||
|
@ -152,7 +152,7 @@ If this flag is set,
|
||||
.Fn malloc
|
||||
will return
|
||||
.Dv NULL
|
||||
rather then block.
|
||||
rather than block.
|
||||
Note that
|
||||
.Dv M_WAITOK
|
||||
is defined to be 0, meaning that blocking operation is the default.
|
||||
|
Loading…
Reference in New Issue
Block a user