LOL have you worked with the average home PC buyer like ever.

They never wrote down the local unlock code.

They forgot their password. - (This is why they called you initially, or the malware duped them into changing it)

They have no access to their e-mail, someone showed them howto connect Outlook 3 years ago and it has just worked ever since, no they can't even begin to guess at the password, even now their life depends on it.

They have no clue what a passkey or cloud wallet is, they only knew they never needed it before and don't want to did not want to deal with it, they have been "clicking - skip" for 2 years.

So yes, encrypting their data without making it damn clear to them what their key management responsibilities are, or alternatively if you manage the keys for them making sure they understand their identity recovery process before they have to use it, is not doing them any favors.

Like every "normie" I know has been thru at least two Google accounts, and some of assortment of yahoo, hotmail-microsoft, facebook/meta accounts they have to abandon because they lost access.

from the methodology that is exactly what happened..

LOL - from the representing the party of Swalwell. Dude, everyone knew and nobody cared...

Democrats basically invented all forms of modern political corruption. You need to let your hatred of Trump go and come to gips with that.

For the last 25 years or so the out of power party has usually polled exceptionally well at mid-terms anytime the economy isnt going gangbusters precisely because the nation is very polarized and the the 15% or so swing voters in the middle tend to vote their wallets.

Democrats are polling a lousy +3 right now. There is One and only One plausible explaination for that. Most of America is actually quite happy with the economy. It might be that inequities are disprotionately landing exclusively on people who are already reliable Democrat voters, but then who cares? You'll are America hating commie pricks anyway, so much the better.

That is my point thought. They don't know they need to do these things. They sign in with a pin or hello for years, forget their password, something happens to the PC and they are foobar..

Their past experience for the last 30 years was everytime they get one to many copies of bonibuddy installed their cousin does something with the hard disks and gets all their pictures, works/office/oo docs, and quicken files off there. This time is 'sorry can't help you'.

Is it Microsoft's fault - no not really, but it also kinda is because local disk encryption wasn't really something they needed, from a threat/theft security standpoint and they lacked familiarity with the subject to recognize just how dangerous FDE is to them from an availability, and reliability standpoint if they don't take appropriate precautions around key backup and account recovery options.

For most personal/consumer users FDE is not something that should be a default, it should be something opted into after some number of scary looking "are you sure" dialogs.

so you take a bunch model training on literature that include documentation about every populist uprising in history, then play act as a caricature of the most abusive nobility/gilded-age industrialist/dictator you can image, the models respond by intimating the response of the humans in those stories.

That isn't a surprise, it is what the models were literally built to do.

I am sick of people saying we are when all the statistics say the opposite.

Look unemployment still near historic lows.

African American unemployment (usually a recession bellwether) still near lows.

Previous revisions, show improvements

Wage growth only this past month slipped blow the inflation rate, unsurprising with Iran going on

Markets doing well, despite Iran

all this in a flattish interest rate environment

- Reality is the recession is tech sector thing, and only if you pull AI spend out. The rest is manufactured media driven mirage. The facts are the economy is good, maybe even very good, unless you are only looking at the gas station signs or have an easily automated mid-level tech job. If you really don't trust the numbers coming out the BLS because TDS or something just look at how Democrats are polling nationally at a lousy +3 when the opposition party usually looks at lot better, and in this case would be expecting to be over polling due to Iran.. The reality American's are feeling good and pretty secure as long as you don't color the conversation by starting out with "with gas so expensive.."

I also think there is a lesson here about cryptography on consumer devices.

I really don't think encrypting data at rest, where it isn't absolutely expected like password safe should default on. Key management is hard, the threat model most consumers face simply has them needing (or at least wishing for) offline data recovery a lot more frequently than 'oh shit I left the laptop on the bus' when their reality is the laptop never leaves the house.

Mixing data encryption with identity tools neither of which they have taken the time to understand isn't do them any favors; its just increasing the likelihood they lose access to things they care about.

it is also possible that for all but perhaps presentation and UI, creativity in programing is a story we told ourselves and that is why some of this is so upsetting.

Correct in that for the same inputs they give the same outputs sure. However if we are being really honest either some are more correct or after the compiler removes all the formatting and strips the symbols and the resulting output is the same give or take some register choices and other trivialities.

The correct code is going to be the better more efficent algorithm or for some cases the most understandable verifiable one depending on what exactly we optimizing for.

adequate mitigation measures - Use a bitlocker PIN.

DONE... Unless of punishing Microsoft is a useful trade negotiating tactic this week.

Things like the CRA are vague and their only real use is as a cudgel for regulators to threaten anyone they don't like with. The result is politically capricious uneven enforcement. Note this isn't a EU problem specifically the USA has so much of this same frightening freedom destroying BS law on the books, I am not casting a stone here, but exactly nobody who cares about liberty or justice should be excited about these sorts of laws.

The bigger challenge is how are projects going to discuss any not so trivial to patch issues? As long as the fix is encode this, duplicate that and only provide the copy to the caller, and what not, the situation is manageable.

  The moment we hit something where the fix likely means changing behavior and needs design discussion enough hints are going to drop that even in absence of patch file that would highlight the exact lines of affected code even a relatively low skill actor is going to be able to use AI to locate the specific vulnerability, and generate exploit code.

This will make discussion of anything of significant security impact impossible on any kind of open mailing list, issue tracker or forum nearly impossible. It is going to force a lot of projects to maintain a much smaller group of highly trusted contributors who have to look at all these issues themselves and cannot rely on community help.

This is really going to be mess for FOSS culture.

One of the first managers I ever had told me something I have remembered for my entire career. "Be very careful about what you decide to measure, you are certain to get more of it."

Amazon has chosen to measure AI use. So the natural reaction of employees is going to be to put effort into finding was to use whatever AI tools they have been given. In the best case sure they will use them increase productivity, however after they exhaust the obvious use cases where there is real gains they are going to start looking at those tasks they can easily do themselves/with existing tools and continue way past the point of diminishing returns. You are going to have a ton employees who are spending as more or more effort figuring out how to wire the AI tools into process as any time saved; for the sake of using the tools because Amazon decided measuring tool use was a good proxy for productivity. A two second thought experiment should tell us it isnt.

I am the same way, it goes for poison ivy and chiggers as well. I'll go out in the woods wearing similar clothing to other people and they will come back with all sorts of bites, and rashes etc; while I experience none of it.

My conclusion is it isn't rational I did not come in contact with the same agents, plants / bugs they did. It has to be a difference in immune response.

I expect a lot of people say I don't get bit, but I really find the claim incredible, those chiggers jump on anything warm and moving. That is why studies like this one with careful monitoring via camera and other methods to see who is really getting bit and how often vs self reporting are worth while. I expect we will learn some things that contradict the appearance of more casual observation.

Lots of words to say "I disagree" without offering a single argument for why the analysis is wrong.

well yeah; but lets look at where we are now. Nobody is make domestic routers because you CAN'T for structural reasons complete with foreign ones.

There are exactly two ways to make domestic router production happen.

1) Defense production act, go all command economy compel some company with domestic electronics manufacturing plant they are going to produce routers. Good luck because it isnt just you with a PCB layout kit, and you there with the injection molding machine, hop to it. It is also design the thing, get the software (even if it is just Linux), .... Nobody at FCC is up to coordinating product delivery with all those inputs. The outcome will be some disaster of product nobody wants, that hardly works, very likely costs way to much, and will be way to stagnant crippling innovation of anything delivered by the net does not fit todays ipv4/6 and relative bandwidth scenario.

2) Ban stuff people need let some domestic company who is already in the business of building somewhat similar products maybe an enterprise player who could jump into the consumer market, that just has to solve how to replace their sourcing with domestic alternatives. Sure it is still disruptive, but at least has some tiny change of working...

3) Then there is the other don't make domestic production happen alternative, which is what most of Slashdot childless, globalist, America hates really want, that is to do fuck all about supply chain risk and the national security and sovereignty implications, because having some new shiny thing for very cheap that will be next years e-waste to play with is more important to them than America's future. While were at it, the public till can get raided to inject cash into some American chip makers so they can design but not actually make any chips, pat ourselves on the back watch our 401ks grow and pretend we did not just sell out our grandchildren at the same time.

I am not a municipal water guy, but my high-level understanding from news articles and picking up little bits of information over time is that leaks representing quite a lot of water loss like 5-20 percent is pretty common.

This is why you see boil orders whenever there is a loss of pressure the assumption is that because the positive pressure went away nasty things could have come in the same leaks in the pipe that normally are letting all that water out..

That 5-20 percent is a big spread and a lot noise to signal to hide non functioning meter or even intentional water theft in.