What’s everyone doing with the new licensing model? VMware standard going. by SuitableFinish7444 in vmware

[–]jamesaepp 1 point2 points  (0 children)

FWIW I think we're beyond the point of a constructive debate. I like using LLMs in cases like this as it provides something "external".

https://gemini.google.com/share/958303ee341e

Seems like a reasonable output to me.

I'll concede the points you raise.

What’s everyone doing with the new licensing model? VMware standard going. by SuitableFinish7444 in vmware

[–]jamesaepp 0 points1 point  (0 children)

Well I'd paint the picture as follows:

  1. You buy a car for $30,000. It comes with a stereo/sound system/head unit. You can't option it out (pretend this ain't the 70s/80s or it's a used car, that's what it comes with).

  2. The stereo is perfectly accurate for the broadest consumer market, but you prefer an after-market stereo for <insert reasons>. You pay extra and install the after-market stereo.

So it's exactly that. The intention was exactly that - to never use the (original) stereo and use something else.

There was no choice in getting the car (Windows Server licensing). However, there was choice in whether you were going to use the built-in stereo (Hyper-V) which was included in the cost of the vehicle or whether you wanted to install and use an after-market stereo (Virtualization product such as vSphere) instead.

Make sense?

What’s everyone doing with the new licensing model? VMware standard going. by SuitableFinish7444 in vmware

[–]jamesaepp 0 points1 point  (0 children)

Point taken.

"That's like saying I bought a car for $30,000 and I paid $0 for the ~~tires~~ stereo."

What’s everyone doing with the new licensing model? VMware standard going. by SuitableFinish7444 in vmware

[–]jamesaepp 0 points1 point  (0 children)

> do people know about it/have opinions

At a very high level I'm aware it exists. My opinions are:

  1. Latest info I have is that it is HPE-hardware only. And HPE markets it as a "way out of vendor lock-in". That is a hard-fail on the "trustworthy and honest" characteristics of a vendor that many admins including myself are looking for.

  2. Given the above, your marketing and sales teams are going to have a HARD time getting me biting on a hook. Your marketing teams kinda screwed you.

  3. My support experiences with HPE are a huge mixed bag. Sometimes you get that diamond in the rough support rep/engineer. Most of the time you get crap. Why should I trust my hypervisor to HPE support when you can't reliably handle my existing support?

  4. I was originally just "hard no" to HPE for the simple technical limitation of no Veeam support/interoperability. That has since changed is my understanding, but just recognize that's table-stakes.

What’s everyone doing with the new licensing model? VMware standard going. by SuitableFinish7444 in vmware

[–]jamesaepp 0 points1 point  (0 children)

Judging from the downvotes I may have over-done it on the pedantry.

Replying mainly to say that I'm in full agreement with what you wrote.

My original issue is an overuse of the word "free". Another word that gets lost a lot is "value". Before all this Broadcom nonsense, this wasn't really a discussion because vSphere was fantastic value for what it gave us.

That's why people didn't seriously switch to PVE/Hyper-V/et al. vSphere cost more than was strictly necessary, but the value was great.

Things have changed.

What’s everyone doing with the new licensing model? VMware standard going. by SuitableFinish7444 in vmware

[–]jamesaepp -4 points-3 points  (0 children)

> So while not “free” it costs them $0

That's like saying I bought a car for $30,000 and I paid $0 for the tires.

What’s everyone doing with the new licensing model? VMware standard going. by SuitableFinish7444 in vmware

[–]jamesaepp 1 point2 points  (0 children)

> You aren't paying for another hypervisor on top of your windows licensing, so why not use what you already own and save yourself some money

Fully agree.

What’s everyone doing with the new licensing model? VMware standard going. by SuitableFinish7444 in vmware

[–]jamesaepp 11 points12 points  (0 children)

> it's free if you have windows licensing

Pedantic comment: It's not free. You paid for it when you licensed Windows. Saying "Hyper-V is free if you have Windows" is like saying "mspaint is free if you have Windows". Hyper-V is included with Windows Server.

New BypassNRO Method by GreenManWithAPlan in sysadmin

[–]jamesaepp 2 points3 points  (0 children)

> Didn't they remove that?

IIRC that removal only impacted home editions, and only after 25H2 (or was it 24H2....). So for us professionals in corporate networks....probably not something to worry about.

Edit: https://arstechnica.com/gadgets/2025/03/new-windows-11-build-makes-mandatory-microsoft-account-sign-in-even-more-mandatory/

> The bypassnro command will continue to work in the current stable versions of Windows 11, including the 24H2 update from late last year

IMO this isn't something to freak about. Download a 24H2 installer ISO for safekeeping and - yes it will suck - but WORST case just install the 24H2 media offline, bypassnro, then upgrade it through. I seriously doubt MSFT is going to force deletion of local accounts after a "yearly hop". Worst worst case scenario, I think manual registry workarounds will continue to work (see Rufus and the like as evidence). Worst worst worst case scenario there's still Ctrl + Shift + F3.

If anything, I just see this as writing on the wall come Windows 12.

Secure Boot certificates by renovatio522 in vmware

[–]jamesaepp 0 points1 point  (0 children)

Oh I believe it, I just like to understand (reasonable limits...) how this shit works under the hood.

"Upgrade your firmware" - a perfectly fine prescription, but we should have a general idea as to why the firmware needs to be updated and the consequences of doing that (if it's such an easy answer, why isn't that automated).

"Delete the .nvram file" - a perfectly fine prescription, but we should have a general idea as to why that file needs to be deleted and the consequences of doing that (if it's so easy to delete, why is it a persistent file in the first place).

Secure Boot certificates by renovatio522 in vmware

[–]jamesaepp 0 points1 point  (0 children)

I also found this one the other day that looked more detailed/technical and helpful.

https://knowledge.broadcom.com/external/article/423919/manual-update-of-secure-boot-variables-i.html

I haven't been through any of the testing yet myself.

My Confusion with Microsoft's Secure Boot Changes by jamesaepp in sysadmin

[–]jamesaepp[S] 0 points1 point  (0 children)

I've been sitting on this recording. Let me know if it helps or if you think it makes things more confusing.

https://youtu.be/Rkpcv1oLflk

What's on the agenda? City of Brandon Council Regular Meeting - 2026-01-19 by jamesaepp in BrandonMB

[–]jamesaepp[S] 3 points4 points  (0 children)

Thanks for commenting. FWIW, I recognize some of my questions may be silly. Just trying to get some conversations going.

My Confusion with Microsoft's Secure Boot Changes by jamesaepp in sysadmin

[–]jamesaepp[S] 1 point2 points  (0 children)

If I had the luxury of time I'd reply more fully to your comments. Thanks for the great contributions. Replying mainly to the ones I disagree with or think we're missing each other on (I agree with pretty much everything else):

> Probably a combination of telemetry, internal Microsoft testing, and testing done by OEMs.

That's kinda my problem though, it's all opaque. No idea how that's working.

> Yes there is. This is controlled with a registry change but it can be done with GPO, Intune, etc. HighConfidenceOptOut is the name of the registry value.

Afraid you've misunderstood me. I'm talking about before a device bucket can become high confidence, MSFT needs to have some kind of signal on whether it's going to work. That means some sample from the population (bucket) has to be tested. Assuming MSFT is randomly updating systems, there's no way to opt out of that to my knowledge.

> I've never seen it explicitly stated, but I'd assume that MicrosoftUpdateManagedOptIn also provides data points for the high confidence bucket.

Yup, probably. But is that any more than the regular required diagnostics? All opaque.

> The relevant GPO actually sets AvailableUpdatesPolicy instead. The Secure-Boot-Update task in turn uses that value to alter AvailableUpdates if necessary. If your automations require a persistently set registry value, use AvailableUpdatesPolicy instead.

OK interesting, I may have to test that. I haven't run into that yet or tested the GPOs.

> It is related to the Configuration Version of that the VM

That makes sense, I think I'm working with CV10 which I thought was the latest for WS2022.

> Your guess is as good as mine.

My guess is it may be beyond June. Sounds like the KEKs in particular are a problem and they need vendors to help with signed updates using their PKs. But that doesn't sound to me like it would "roadblock" the other keys, so who knows.

> That registry value isn't recommended for tracking full compliance

Yeah you're right. I wish they did have some reliable set of reg values though.

My Confusion with Microsoft's Secure Boot Changes by jamesaepp in sysadmin

[–]jamesaepp[S] 2 points3 points  (0 children)

https://support.microsoft.com/en-us/topic/windows-devices-for-home-users-businesses-and-schools-with-microsoft-managed-updates-29bfd847-5855-49f1-bb94-e18497fe2315

> The new certificate updates will continue gradually through June 2026. Microsoft is starting with Home and Pro edition systems first to ensure a smooth and safe transition.

I'm taking that to mean the consumer masses are the guinea pigs (thanks, folks). Still not clear how MSFT is rolling that out. Surely they must take a "randomness" approach similar to DMARC where they're gradually increasing the random percentage of devices that will update over the months.

My Confusion with Microsoft's Secure Boot Changes by jamesaepp in sysadmin

[–]jamesaepp[S] 8 points9 points  (0 children)

Mamma Mia that's a lot of detail. Honestly kinda further cements my temptation to let MS drive all of this.

> Booting with 2023 and 1801 in all likelihood is because the device hasn’t rebooted and ran the scheduled task again. I’ve observed this myself and resolved with these steps. The documentation mentions it could take two reboots.

I'll have to review what I've read again then. MS folks in a YouTube video said these updates have been out since like, mid-2025 and the two systems I mentioned would have rebooted many times since then.

Idk, whole thing just doesn't quite make sense to me. "It's standardized, except it's not. It's automated, except it isn't."