
Comment Re:What? how long can that possibly take? (Score 1) 143

Is it illegal if you are salaried? Or how about if you have to take a dump? Or if I think about a problem while eating dinner?

Salaried exempt is a fixed amount of pay per pay period regardless of the number of hours, so they aren't part of this discussion.
You don't get extra pay for working more than 40 hours doing the same job as you do during regular hours, and they can't pay you less for working fewer hours one day either.

As a salaried worker.. there is no such thing as "clock in" / "clock out time", so it's an unrelated matter. If your employer reduces your pay for a difference in hours less than not working a whole day, then they lose the Overtime exemption.

Comment Re:OMG! They had to wait for a token to arrive??? (Score 1) 143

Clocking out to use the toilet, sip coffee, answer the phone for non-work items, patting the dog's head.

They cannot. Many retail employers would do this with their minimum wage staff if the law allowed it.
This is also illegal. Federal law prohibits deducting pay for breaks under 20 minutes; even if the employee was persuaded to agree.
Federal law states that breaks less than 20 minutes must be paid. The break has to exceed 20 minutes before the employer may clock you out.

Employers are required to pay for all time spent on breaks less than 20 minutes. The only thing they can do is track or limit your number and duration of breaks.

Employers: Cannot require clocking out for short breaks: It is illegal to dock pay for breaks under 20 minutes

Employers: Cannot impose unreasonable restrictions. That includes things such as not letting employees use the bathroom, or forcing them to take 20 minutes... locking bathroom doors and actions that cause delays, etc. Must allow restroom use as needed per OSHA rules / ADA rules in some situations. An employer cannot require bathroom breaks to be at scheduled times, either.

Comment Re:OMG! They had to wait for a token to arrive??? (Score 1) 143

Melodramatically complaining about a 0.1ms

You have to know it takes much longer than 0.1ms to receive the SMS text messages containing a token.

Anyway it doesn't matter if it's 0.1ms or 8 hours. Wages are required to include all time spent on work-related activities required by the employer,
and rounding of times can only be performed when the system is both reasonable and does not consistently disfavor the employee.

Consistently shaving off a second of an employee's compensated time per day from when they are working is still an unlawful thing worthy of liquidated damages, and it will add up to numbers given enough days.

Comment Re:What? how long can that possibly take? (Score 5, Interesting) 143

if you knew the terms for which you're being paid why did you stick to the job longer than say 4 to 8
Because you need money for you or your family to survive, possibly. And it may take you MUCH longer than 8 weeks to successfully obtain a replacement role that is any better.

It doesn't matter.. It is illegal for the employer. Not the part about waiting for Windows to boot, but failure to start the work clock including the time when the employee's duties start -- which includes all time taken for all necessary preparations required by the employer (including time for security checks, boot, etc), even though it is before they can start taking calls or working on their assigned tasks.

Comment Re:The takeaway (Score 1) 56

Notable point: If you are a US citizen they might seize the device but you WILL be admitted into the country - a citizen cannot be denied entry.

If you don't cooperate with the search.. In theory you will be allowed entry as a citizen - probably yes - you just may be inside the US but in jail: without the property, and potentially you could possibly be on your way after a few days in detention -- Or possibly longer due to additional things officials are going to find to charge you with in retaliation for said noncooperation.

Comment Re:The takeaway (Score 1) 56

What if you do not have the codes for, let's say, a company device?

I'm sure you could explain that to customs most likely, and they would probably let you go, but the device stays behind with customs until they can get into it. They will just hold the property as potential contraband until someone from the company calls and provides them access to search the contents of it.

A company with trade secrets does not allow them to be stored at rest on a laptop being flown overseas -- you probably have to access your work data through an online user interface.

Comment Re:The takeaway (Score 1) 56

So a reboot before going to places like customs etc can defeat these tools

Customs would be an example of an agency that does not need something like Cellebrite for routine searches.. only in extreme cases would they.

If you power off your phone or reboot it or have it locked going through customs: Customs holds you at the gate and requires you to provide the passcode to unlock the phone or laptop. If you fail to provide the passcode: they seize the device, and you at the border. If they demand to search it: You aren't getting across the border through customs, and you aren't getting yourself or your property released, until you provide them with the keys.

Comment Re:questionable move (Score 1) 54

I think the power consumption of your property and its thermal signature would be dead giveaways?

They are not. The thermal signature shows you are using power. You can be running ASICs in order to train LLMs. Or you could be switching the ASICs over in your spare time to start cryptomining. And the thermal signatures don't indicate your own activity. The point is those are your own private activities, and while they should be interested you are powering industrial-scale computing gear.. the actual Output you are getting from crunching the numbers should be irrelevant and not be a legitimate matter for government inquiry.

That would be akin to trying to permit an Industrial facility to manufacture plastic kids toys but not plastic adult toys. I.E. Massive government overreach.

On the other hand; It is understandable if the power infrastructure cannot handle industry, and therefore All new private industrial facilities will be prohibited; based on how they are operating, and not what the data they produce is going to be used for.

Comment Re:What was actually damaged/destroyed (Score 1) 103

What was actually damaged/destroyed

The damage was that additional revenue-generating opportunities normally enabled by AWS were lost.

For example: If because of an outage your Ecommerce website is down for an hour -- there is a certain volume of sales: Revenue opportunity: which you lose.
You calculate that loss by using past data to estimate your expected revenue during the particular hours of the day times the number of hours that you were down leading to an estimated number and dollar sales volume lost.

Comment Re:Kin Birman is an idiot. (Score 3, Informative) 103

Given that the outage was claimed to be in Eastern US, why did I suffer multiple service outages in Idaho?

Clearly bc you used services that are dependent on the affected network.

US-EAST-1 outages also have a way of cascading to the other sites, because it's the most populated region with the largest amount of resources.
When East-1 has issues.. the other regions will receive a huge volume of additional load. They had EC2 launch issues, and throttled ---- slowed down new launches deliberately; likely because every other customer in the US-East-1 region was attempting to deploy instances into other regions due to the outage impacting their east-1 resources. This surge in activity in other regions caused by customers attempting to shift traffic around to get past East-1 outage has a chance of causing major network degradation across all regions.

Comment Re:Kin Birman is an idiot. (Score 1) 103

the correct accusation is: "you shouldn't outsource your critical business infrastructure to a huge megacorp that can survive without you."

Perhaps you should not, but most businesses DID NOT and Will not build a resilient in-house infrastructure that provides nearly the average uptime as AWS.

For example.. 99% of companies' -- even large corporations' internal Email the whole company relies on would typically be on a single MS Exchange 2016 server. You would have a hard drive crash, and the server would be down for days while the backup restores.

Before you start complaining that companies shouldn't outsource critical business Infrastructure... I think you should take a study on what exactly that infrastructure looks like Not outsourced.

The in-house schlop is in general more susceptible to outages, but of course it has the advantage that your outage will typically not happen at the exact same time as a thousand other corporations' outages.

Comment Re:but, but, but (Score 1) 103

The thing is it cost billions In revenue Amazon created opportunity to earn in the first place

It is not as if AWS centralization is this critical threat that caused billions in damage. They caused many billions in revenue generation which was slightly reduced during a short outage -- which is extremely minor compared to the value AWS provides. I mean a 24-hour outage is not even a concern.. come back when they have a real catastrophe and it's a major 7-day outage. Even that, quite honestly, may not be enough for projects to justify picking a different provider in the long term, however.

Comment Re:Matthew 7:3 (Score 1) 103

However... It's still possible for Crowdstrike to do something stupid that brings a system to its knees.

The software is able to block a file from being opened or read, for example. Now what happens if Crowdstrike suddenly detects _EVERY_ file as malicious and starts preventing the system reading any files at all? For example.. the Browser.. the Windows manager.. the Launcher, Desktop, etc.. Any programs that have to run in order for the user to successfully log in and use their system.

Comment Re:shit take (Score 1) 41

With proper auditing, you can use NPM just fine, pin a specific version

So Insecure by default then.

What we really need is to have catered repos which default to a pinned version, instead of requiring the user to pin one. And the version pin does not update until that version has been audited by a sufficient number of trusted authorities.

If no version has been audited and pinned, then new packages should simply be unavailable to anyone who is not running in a "dangerous insecure mode"

I mean that some system of package review is obviously necessary for all updates, and that which has not been reviewed should not be available. Otherwise it's worse than geocities -- a convenient malware distribution channel.
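
The policy proposed in the comment above, as an added sketch that is not part of the original comment and not an npm feature: a resolver that serves only versions signed off by enough distinct trusted auditors, and refuses anything else unless an explicit insecure mode is set. The auditor names, threshold, registry layout and function names are all hypothetical.

```javascript
// Hypothetical policy sketch; none of these names are real npm APIs.
const TRUSTED_AUDITORS = new Set(["auditor-a", "auditor-b", "auditor-c"]); // constructed
const REQUIRED_AUDITS = 2; // assumed threshold for "sufficient number"

// Constructed registry metadata: versions in publish order with audit sign-offs.
const SAMPLE_REGISTRY = {
  "left-padder": [
    { version: "1.0.0", audits: ["auditor-a", "auditor-b"] },
    { version: "1.1.0", audits: ["auditor-a", "auditor-a", "unknown-reviewer"] },
    { version: "1.2.0", audits: [] },
  ],
  "brand-new-pkg": [{ version: "0.0.1", audits: ["auditor-c"] }],
};

// A version counts as audited only when enough *distinct trusted* auditors
// signed it; duplicate sign-offs and unknown reviewers do not count.
function isAudited(entry) {
  const distinct = new Set(entry.audits.filter((a) => TRUSTED_AUDITORS.has(a)));
  return distinct.size >= REQUIRED_AUDITS;
}

// Resolve a package to a version. With no explicit request, the default is the
// newest audited version (the "pin"), never simply the newest published one.
function resolve(registry, name, { requested = null, insecure = false } = {}) {
  if (!Object.prototype.hasOwnProperty.call(registry, name)) {
    throw new Error(`unknown package: ${name}`);
  }
  const versions = registry[name];
  let entry;
  if (requested === null) {
    entry = [...versions].reverse().find(isAudited);
    // Insecure mode falls back to the newest published version.
    if (!entry && insecure) entry = versions[versions.length - 1];
    if (!entry) throw new Error(`${name}: no audited version available`);
  } else {
    entry = versions.find((v) => v.version === requested);
    if (!entry) throw new Error(`${name}@${requested}: no such version`);
  }
  const audited = isAudited(entry);
  if (!audited && !insecure) {
    throw new Error(`${name}@${entry.version}: not audited, refusing to serve`);
  }
  return { version: entry.version, audited };
}
```
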
