And that introduces a specific type of supply chain threat: someone who possesses a computer can infect their own computer, sell it or transfer it to the target, and then use the embedded microcode against the target, even if the target completely reformats and reinstalls a new OS from scratch.

That’s not going to affect most people, but for certain types of high value targets they now need to make sure that the hardware they buy hasn’t already been infected in the supply chain.

In the US, because the minimum required by law is so low, the actual distribution of vacation days varies a lot from employer to employer.

This chart, updated annually, shows the average by length of service time: https://www.bls.gov/charts/employee-benefits/paid-leave-sick-vacation-days-by-service-requirement.htm

Seems like the average for people in the private sector with 1 year is 7 days sick, 11 days vacation.

This fact sheet, as of 2021, breaks down the details a bit more: https://www.bls.gov/ebs/factsheets/paid-vacations.htm

Table 1 breaks it down pretty well, with people at the 1 year mark hovering mostly between 1-3 weeks, people at the 5 year mark mostly between 2-4 weeks, and people with 10 years at 3+ weeks.

People with government jobs, which is about 15% of the workforce and about 20 million workers, tend to get better benefits, including paid time off.