KeePass ftw

Just make sure you have backups

Jails have been around a long time in comparison

I still see FreeBSD as being great for things like networking devices and storage controllers. You can apply a lot of the "cattle vs pets" design one level above that using VMs and orchestration tools.

Best thing to actually do is use as dim a screen as possible closer to sleep. You can do this with external monitors using DDC and actually directly control the physical backlight of multiple monitors.

Also properly color calibrate your monitors

Best thing to do is use a scripting app that can make hotkeys for controlling monitor brightness. You can directly control the actual backlight of the monitor and lower it in the evening and at night. Same as pressing the physical button. Great when you have multiple displays

It's still a standard ish format though and not designed from the start for archival

Apparently mini discs use a different burning method (obviously) and are very very stable.

IIRC there exist "magneto-optical" disks and drives for PCs that use a similar technology, but they were niche even when that technology was current.

Or the tiny CPU on the networking hardware chip

Do most people even use MDM on laptops or desktops ? I see it mostly used on phones

Corporate laptops? https://business.apple.com/

Are you sure whatever you have configured in the MDM profile or one of these apps like Charles Proxy is not the source of the traffic?

Are you using a simple config profile on iOS to redirect DNS and if so how are you generating it ? Full MDM or what are you adding to the profile ?

Traffic was monitored on a physical ethernet cable via USB ethernet adapter to iOS device.

Charles Proxy was only used to time-associate manual application launch with attempts to reach destination hostnames and ports, to allowlist those on the separate physical router. If there was an open question about an app being a potential source of unexpected packets, the app was offloaded (data stayed on device, but app cannot be started).

MDM was not used to redirect DNS, only toggling features off in Apple Configurator.

Surely you used several USB Ethernet adapters to rule them out as being the source as well right? Those types of dongles are well known for calling home.

Good observation :) Multiple ethernet adapters: Apple original (ancient USB2 10/100), Tier 1 PC OEM, plus a few random ones. Some USB adapters emit more RF than others.

And your sure it wasn't some built in Apple service ? I believe they host a ton on GCP

It excluded the published hostnames for services and CDNs (some of which resolved to GCP, Akamai, etc) published by Apple for sysadmins of enterprise networks, https://news.ycombinator.com/item?id=46994394. It's indeed possible that one of the unknown destination IPs could have been an undocumented Apple service, but some (e.g. OVH) seem unlikely.

First idea if great honestly - lots of vendors do this. I use Firefox long term stable and Chrome offers this for enterprise customers. Windows even offers multiple options of this (LTSC being the best by far).

Would also make a great corporate / government product - I doubt they care about charging the average consumer for such a subscription (not enough revenue) but I can see risk averse businesses and especially government sectors being interested.

I don't think that proves they've been breached. Are you sure your not just seeing keep alive traffic or something random you haven't taken into account ?

Much time was taken to separate known from unknown traffic, https://news.ycombinator.com/item?id=46998191