Priviledge seperation influenced arc4random design OpenSSH started in 1999. In 2002, priviledge seperation was added. A major daemon now needed randomness -- key grade, IV grade, whatever grade -- inside chroot space! 2011 - OpenSSH got sandboxing support. systrace based in OpenBSD. - only permitted system calls are clock_gettime() close() sysctl() getpid() gettimeofday() madvise() mmap() mprotect() mquery() munmap() open() poll() read() select() sendsyslog() shutdown() sigprocmask() write() 2014 - heavy-weight sysctl() could provide "entropy" - split out into getentropy() syscall call