
Comment Re:Derp (Score 1) 168

Your characterizing Windows as "retarded" for not distinguishing between 750 char/s and the much faster network, was illogical.

There are two parts to that.

The first part is that the network log-in source can be grouped as an infinite number of terminals--lots of connections--so a per-connection rate limit is useless; thus all network service log-in (caveat: Active Directory handles console log-ins... over network) must be grouped as one thing to be effective. Console log-ins are separate so that a network attack can't function as a DOS; as well, the risk is mitigated because you can't enter passwords fast enough for any use.

The second part is that a console brute-force is slow. Your concern about what amounts to typing really, really fast (i.e. a programmed HID plugged into USB) isn't a real concern because of password complexity. It's not that passwords are necessarily that complex; it's that a password which isn't complex enough can be readily brute-forced under strong password policies like "3 passwords per minute"; it just takes a week or two.

You dismiss the possibility that weak passwords are used, so that hardware password attacks are dismissable, but at the same time address the problem that these same non-weak passwords aren't strong enough to withstand network password attacks without lock-outs?

No, I dismiss the possibility that short lock-out intervals help with weak passwords.

You can attack 129,600 passwords per 30 days if you have a 3 failures per minute policy. Basic English 1250 extends out to about 5000 words with conjugations and domain language (medical, legal, whatever) for most people. Weak passwords in the traditional complexity scheme are like "rainman" becomes "Rainman1", so 100,000 attempts have a fair chance of getting it eventually. That's within the realm of a hardware keyboard typist. Common policy is 60 or 90 day retention, which increases the risk into strong viability; while public kiosks are too visible for a multi-hour console log-in attack, which makes these attacks less viable even at high rates.

Complex passwords reach 10^14 theoretically, and four-word passwords reach 10^16. Reasonable rate limits of 20 attempts per minute carry this out to hundreds of thousands of years. A human can type barely that fast. Remember the original argument:

Windows does stupid shit like lock the local console if you set up rate-limit log-in...when logging in through the Microsoft log-in manager.

If the attacker tries to log in over RDP or telnet or such, and locks the account, the actual console log-in box no longer works. That's dumb, because no attacker can possibly brute force the password through that, unless the password is laughably weak--in which case, as stated above, the rate limiting doesn't actually help.

tl;dr: I can lock you out of your server by constantly trying to log into your server, so you can't apply patches anymore. Then I hack it on Tuesday.
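As an added illustration (not code from the thread) of the policy the comment argues for, the toy gate below keeps one pooled lock-out bucket for every network source and a separate bucket for the console, and contrasts it with a single per-account bucket in which a flood of remote failures also locks the console. Thresholds, window lengths and the rotating source addresses are constructed for the demonstration.

```python
"""Toy lock-out gate: pooled network bucket vs. separate console bucket.

Added example, not from the thread. Policy names and values are assumptions.
"""
from collections import deque


class ScopedLockout:
    """Sliding-window failure counter keyed by lock-out scope."""

    def __init__(self, threshold, window_s):
        self.threshold = threshold
        self.window_s = window_s
        self.failures = {}  # scope -> deque of failure timestamps

    def _prune(self, scope, now):
        q = self.failures.setdefault(scope, deque())
        while q and now - q[0] >= self.window_s:  # drop failures outside window
            q.popleft()
        return q

    def is_locked(self, scope, now):
        return len(self._prune(scope, now)) >= self.threshold

    def record_failure(self, scope, now):
        self._prune(scope, now).append(now)


def scope_for(policy, source):
    """'shared': one bucket per account, so remote failures lock the console too.
    'scoped': every remote source pooled into one bucket; console kept apart."""
    if policy == "shared":
        return "account"
    return "console" if source == "console" else "network"


def attempts_per_period(failures_per_minute, days):
    """Attempts an attacker gets under a per-minute failure policy (3/min, 30 days -> 129,600)."""
    return failures_per_minute * 60 * 24 * days


def simulate_flood(policy, remote_failures=100, threshold=3, window_s=60):
    """Flood the account with remote failures, then ask whether each scope is locked."""
    gate = ScopedLockout(threshold, window_s)
    t = 0.0
    for i in range(remote_failures):
        src = f"10.0.0.{i % 20}"  # constructed: attacker rotates source addresses
        gate.record_failure(scope_for(policy, src), t)
        t += 0.01
    return {"network_locked": gate.is_locked(scope_for(policy, "10.0.0.1"), t),
            "console_locked": gate.is_locked(scope_for(policy, "console"), t)}


if __name__ == "__main__":
    print(attempts_per_period(3, 30))
    print("shared:", simulate_flood("shared"))
    print("scoped:", simulate_flood("scoped"))
```

With the shared policy the console is locked after the flood; with the scoped policy only the pooled network bucket is, so the local operator can still log in and patch.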

Comment Re: Local testing works? (Score 1) 778

Yes, let's have a minimum wage adjusted for inflation. Then it would be around $21/hr, which is what the minimum wage would be if it had kept up with inflation since it was instituted. Yes, at one point the minimum wage was a true, reasonable living wage. That's why our parents and grandparents remember being able to do so much more with their money than we can now, like buying houses right out of college.

Comment Re: Local testing works? (Score 1) 778

No, progressives advocate income redistribution because extreme income inequality chokes economic growth. Give money to the people who have none, and they are the likeliest to spend it, and spending money is how you grow jobs and an economy; you grow the pie. Conversely, restrict all the money to the hands of an increasingly elite few, and nobody will have money to spend; the economy will be effectively limited to the handful of wealthy people while the rest of us are shut out. Businesses will close up and people lose their jobs; that's one of the surest ways to kill an economy: the pie shrinks. Time and again this has been borne out, e.g. in the article here.

User Journal

Journal: Nobots Chapter Thirty Three 2

Coffee
An alarm woke me up at quarter after six. What the hell? Fire in P117? I put on a robe, and as I trudged down there Tammy was running into the commons. I wondered what was going on.
I got to Passenger quarters 117 and it was a damned drill, the light wasn't flashing and I didn't smell any smoke. I really didn't expect to, because except for Tammy's quarters none of the rest of the passenger section was occupied and

Comment Re:Systemd? Not on my system... (Score 1) 226

You just claimed your SysV init scripts are helping your software take advantage of cgroups.

If that's what you read, you need to practice your reading skills, cause they suck.
What I pointed out is that cgroups are separate from the init process, and can and do indeed run on sysv init systems too. cgroups has nothing to do with init, and runs separate from init no matter what you use for init.

When you brought up cgroups as an argument, it appeared to be from a false belief that systemd was needed for cgroups to work - in fact, it's the other way around!
And when systemd uses cgroups, it takes them over for its own purpose, which lessens the value of cgroups compared to systems where you are free to use cgroups from scratch. Freedom to choose - that's what makes Unix great. Poetterware takes away that freedom.

Comment Re:Systemd? Not on my system... (Score 1) 226

TCP isn't noticeably more secure than UDP - the extra fields in TCP are unsigned and can be spoofed too. There are even a couple of attacks that only work with TCP, like source congestion. The only "security" TCP buys you is if you have a dynamic real-time alerting system for tcp sequence errors and similar likely to be seen in spoof attacks. You don't have such an alerting system.
Thus, security is implemented on top of the transport layer, where it works just as well for udp as tcp. The advantage of udp then is that you get more payload per encrypted or signed unit, thus higher speed.

That said, the main use of nfs is within secure perimeters, where speed and transparency are the main goal. In which case all you need is an honor system access control, designed to prevent users and apps from doing bad things no matter who they (say they) are. I.e. the focus is on what is shared, and what's allowed, not who you share it with.

Where Windows is very user focused in its trust based security model, Unix is very data focused.
A typical Windows share will allow any user to write and execute whatever they like. The users don't understand the "Advanced Security" properties anyhow, so implementing it will just lead to complaints. If a client is compromised, so is the share.
A typical Unix share will only allow users write and execute access to specific directories, no matter who they say they are. Remote root users typically get even less access, not for security but to prevent accidents. If a client is compromised, the shares should be safe.

Comment Allons-y! (Score 1) 701

I wanted to ask why Star Wars and Galactica, but no Culture novels, but then I realised that neither GCU Fate Amenable to Change nor dROU Frank Exchange of Views had any sort of catch phrase.

Comment Re:Evolution (Score 1) 253

I think it's more likely that more people are becoming obese because of exactly one factor: age. They are living artificially prolonged lifetimes due to access to adequate food and to medicine. It's easier to get fat when you are 50 than when you are 30 because of the natural changes in your metabolism.

Comment Re:Finally! (Score 2) 474

It might cause a few deaths but it also sustains the multi billion dollar prison industry and employs well over 1 million people in the US alone.

None of those jobs help the economy. Why should people be employed in occupations that have no benefit to society whatever and are in fact detrimental to society?

The government profits from illegal drugs even more than drug cartels do.

Colorado's pot legalization and the multi-billion dollar alcohol industry show that governments profit a lot more from legal, regulated drugs than outlawing them.

I've known drug addicts, and the WHO is also right about compulsory addiction treatment; compulsory treatment flat out doesn't work. The addict has to want to stop, and it's very hard even when they want to. Alcoholics and other drug addicts relapse more often than not after treatment.

However, should they ever invent the fictional drug in the novel I'm writing (see my journal, the first crude draft is being posted there) I sure hope it's not legal!

Comment Re:Systemd? Not on my system... (Score 1) 226

NFS is crap too and in my testing also slower.

But nfs does not take over and cripple your dns server.
It's the hooks into and taking over parts that work fine on their own that's the problem with domain controllers and systemd. It goes directly against the Unix toolbox approach, and stifles innovation because now you have to do everything within the context of the super-program.

(As for your testing, did you try with jumbo packets? NFS supports it, and CIFS doesn't. It makes a tremendous difference, especially for writes to remote RAIDs or disks with a 4k block size. Also, avoid distros that set up NFS to use tcp instead of the default udp. That's a huge performance killer, and not needed unless you use hubs instead of switches or need to tunnel the traffic.)

User Journal

Journal: July 20, 1969 4

In 1969 I was a seventeen year old nerd in high school, using my slide rule to cheat in math class. I was probably the only one in the school who even had a clue how a slide rule worked, let alone owned one.
