Correct link to Physics Review article...

Recent observations published last year (in Physics Review - yay, no paywall!) of merging black holes certainly go a long way towards proving black holes follow the 2nd law of thermodynamics (95%+ probability), and by consequence emit Hawking Radiation... pretty close to proof, but not 100%. A good summary of the findings can be found here

Instructions on how to completely disable Airdrop on Macos -- this will actually make it impossible to even open the Airdrop application in the Finder app bundle.

https://answers.uillinois.edu/...

Useful, but once disabled, you might wonder where Airdrop went months later if you want to use it temporarily... so keep a note around on how to re-enable it (there's not really an error message or anything, Airdrop is just "greyed out".

(obvious typo: that's closest)

Can someone explain to me how discovering the THIRD closes system to ours in 2013 doesn't suggest that all the Dark Matter(tm) that's out there just isn't a mass of brown dwarfs that we can't see, and not a whole new class of matter?

Quick browse of the source makes it look like connections run through a python server... so anyone who deploys this on a gateway server (public web, but internally connected) would expose all internal ssh servers -- or at least that's how it appears.

Of course, using the web auth to connect mitigates the risk (but requires dual auth?) -- it's not obvious from the description that the connections to port 22 don't initiate from the browser's machine... and people may deploy this without appreciating the possible internal network exposure.

Back to my mindterm java client.. *sigh*

I bought my latest server board from Intel specifically because it supports this, and it does work well -- full KVM over VNC, can boot from bios all the way to desktop regardless of the OS, it's basically exactly like sitting at the console, but you can be anywhere.

However, I had a few issues with the design:

1) Setting up encryption for VNC was a pain... I had to dig around on intel's site to find some corporate management software before I could install a x509 certificate and connect to the encrypted port using RealVNC

2) RealVNC Viewer Plus ($$) is required if you want the ability to have full AMT (all the cool remote disk mounting, system power control etc). Some of this you can get via the web interface though (via a different port).

Apart from the setup pains though, it's very cool tech. I was also able to perform a full GUI install of Fedora on my US server from my laptop in Norway, using an ISO file on the laptop for the install (yes, you read that correctly... you can mount a local disk file on the remote machine and the bios make's it appear as a local disk! But again, that required the AMT features, and RealVNC Plus :P).

The system works by intercepting IP packets on the motherboard network interface (so you must connect via that port, not just any network port), and redirects connections to a selection of ports (all configurable) to support remote management via VNC, http/https, or a few other protocols. This means you can connect in and check out the desktop at full rez even when someone's using the machine, or even work on fixing issues even though a kernel oops. Basically, as long as the network to the port stays up, you have access to full console control.

I had tons of old disks from my Amiga, Mac Plus and even Apple ][ days, and did a fair amount of hunting before finding Kryoflux... it uses a USB device as a 3.5 and 5.25 disk controller, and can read the disks at the lowest level the drive supports -- so it can, for example, read the old 400/800k mac disks that require the old apple multi-speed drives with a regular 3.5 PC drive. The blueprints for the board are available (to etch/build your own, but I think you need to create your own layout), or you can buy a prefab from them (when they have them in stock, anyway -- I had to wait a few months).

They have software that connects to the USB device and creates various decoded files for lots of archaic disk formats. They keep talking about opening the source code, but I haven't followed the latest developments there... software is free for non-commercial use regardless.

I managed to dump about 50 ancient disks from mac, apple ][ (5.25) and amiga without problems, and could use the images in various emulators to recover the files. I had a few disks with sectors that couldn't be correctly parsed, and lost a few files there, but overall I found the device a savior for my old writings and early coding projects.

They sell the devices at http://www.kryoflux.com/ or you can troll the forum link for the blueprints (I can dig it up if there's interest). Last I heard they were working on write support (and a quick check looks like that may be available now too).

Thumbs up here.

Scott

I've been running my own "full stack" for over a decade, and currently use Fedora (linux) and the following services:

postfix - smtp, very good security record, and I setup most processes chrooted

dovecot - very stable imap, also good security record, I recommend maildir format for storage, and setup the sieve plugin for filtering rules

roundcube - very good ajax webmail, hosted on apache, also has managesieve plugin for config of filters

squirrelmail - another webmail, I keep in on there too for when a mobile browser doesn't like roundcube

spamd - spamassassin daemon, pretty easy to add as a content filter to postfix (then use sieve rules to direct tagged mail)

Get a cheap ssl cert, and make sure to use https for roundcube, and use smtps and imaps for clients. Make sure you have iptables setup correctly (deny by default), setup a good backup (I use rsync to removable storage with hard links between multiple aged versions).

Only allow remote login over ssh, I recommend only allowing an odd named account to ssh in, and then use su to admin stuff.

You should keep the system updated, 'yum update' makes that easy on Fedora -- probably the only really manual admin that needs to be done, you can automate it, but I prefer to keep tabs on what's changing and why...

Initial setup and config can take awhile (esp if you want to setup chroot for most stuff), but once it's up and running, it's pretty solid. If you want you can add things like SPF entries to DNS.

I went an extra step and setup a box with intel's vpro on the motherboard so I have encrypted full graphical console even if the kernel crashes or system won't boot (hasn't been a problem yet :). I also setup a hardware raid, so even the boot device is raided.

There's a lot more that you can do too regarding monitoring (tripwire, smartd, rkhunter) and extra services (dnssec, ipv6 etc) and there's tons of configuration tweaking that can keep you busy for weeks if you go deep, but that's not strictly necessary...

Good luck, and have fun!