There are user-centric and dev-centric Linux distros. Windows is "Microsoft cloud onboarding" centric, and the experience has been dramatically degrading for years.

If that were not the case, why would senior executives at Microsoft say things like "we've heard you" and "we intend to reverse the suck in the coming year"? Even their management knows users hate the Win11 experience, and have placed it on their backlog....

> I dislike how janky its various GUI desktop managers are...igh pixel density, different audio setups, multi-touch trackpad support

These things are objectively better on a modern KDE linux. Out of the box I can output youtube videos to a dual-Sonos / Airpod setup by... clicking the sound icon, which pulls up an interface reminescent of "Windows 7, when the mixer wasn't terrible".

The reasons not to use KDE these days are because you need Windows software (usually: edge, teams, Office), or especially because LibreOffice is terrible. The core desktop experience, however, is notably and demonstrably less jank than the mess that is Windows 11.

UX design is treated as a subjective matter, as if it is equally valid to clearly label UI elements as it is to have magic, nondescript UI pixels that serve as vital control surfaces.

Go watch videos of the research Xerox did on UI/UX and HCI in general, and weep for what we have lost...

It's extremely common and has been for literally millenia.

I was also fooled and gave it too much credit, if you engage in a philosophical discussion with it it seems purpose-built for passing the turing test.

If LLMs are good at one thing, it's tricking people. I can't think of a more dangerous or valueless creation.

I think everyone here is pretty clear how they would ethically view such a thing, but view it from NIST's (/ NSA's) perspective for the sake of argument. Maybe there's a specific threat where NIST (or presumably the NSA) believes it has a mandate to insert a backdoor.

In order to successfully do this, NIST needs to maintain a very large bank of social capital and industry trust that it can spend on very narrow issues.

But over the years there have been enough strange things (Dual EC DRBG being the most notorious) that that trust, at least when it comes to crypto design, simply isn't there. My perception is that newer ECC standards promoted by NIST have been trusted substantially less than AES was when it was released, and I can think of a number of major issues over the years that would lead to this distrust.

The inevitable outcome is that NIST loses much of its influence on the industry, which certainly is not in its own interest.

And how can one easily determine, while looking at a particular paper, whether it has been replicated? And whether those doing the replication have any undisclosed ties to the original?

At an epistemological level, the idea of a knowledge source like a journal where the information is only deemed reliable if personally verified seems problematic. Why even have it if all of its uncountable claims are indistinguishable from very clever lies, and attempts to quantify the extent of those lies indicate that they are pervasive?

This shouldn't be surprising, since the most effective and dangerous liars tell the truth most of the time.

The fact that this slipped by the paper's author, their editor, *and the journal review* is not benign.

I agree with the author here: is no one reading these papers before putting their names behind them? Is the entire journal system entirely fraudulent?

Heuristic detection has been a thing for literally decades, and cloud-based antivirus which uses aggregate detection has been around for almost as long. It's notable that NIST does not seem to distinguish between these and just lumps them under endpoint protection.

Exchange just isn't the best designed or most modern software.

It's difficult to estimate the log throughput in this scenario. Cisco on debug all can overload the device's CPU; systems like sssd can generate MB of logs for a single login.

All of this is really missing the core issue though. A 2PB system is nontrivial to procure, nontrivial to run, and if you want it to be of any use at all you're going to end up purchasing or implementing some kind of log aggregation system like Splunk. That incurs lifecycle costs like training and implementation, and then you get asked about retention and GDPR.... and in the process, lose sight of whether this thing you've made actually provides any business value.

IT is not an ends in itself, and if these logs are unlikely to be used the question is less about dollars-per-developer-hour and more about preventing IT scope creep and the accumulation of cruft that can mature into technical debt.

$300 is moving towards refurb / shucked prices.

Current single disk solutions are around $25/TB for HDDs and ~$100/TB for NVMe.

At a minimum you're looking at $54k just for raw capacity-- assuming no backup, no chassis, no networking, and no redundancy.

More reasonable estimations would be in excess of $400/TB.

For instance shadow rights / MIM / PAM does not to my knowledge have an OSS equivalent.

Windows Hello for Business is the only moderately secure take on biometric auth into kerberos that I have heard of.

LAPS is the only secure, native LDAP take I have heard for managing root passwords, which fills a big compliance need for a lot of orgs.

And there is quite a lot about GPO that works wonderfully when paired with sssd, e.g. access control.