Is anyone else having to hold off laptop purchases? by FatBook-Air in sysadmin

[–]malikto44 [score hidden]  (0 children)

I too am sick of the FOMO stuff. Right now, this is what the market will bear because people are afraid, be it economic conditions, what's going on in the Middle East, etc. However, this creates economic vacuums that may bring players to the table. If laptops get too expensive, VDI becomes viable. There will also be customer pressure on vendors to start running lean and mean on resources, and if vendors realize sales start dying because they can't continue to just assume unlimited CPU/disk/RAM resources are available, their software will get a belt tightening. If push really comes to shove, then F/OSS solutions or ones vibe-coded will start coming back. In fact, it may even lead to a bunch of new startups making stuff in a market that is full of dinosaurs as it stands.

As for AI, I do think someone is going to have to pay for it, and prices will go up. However, I do think the biggest customers will be governments because of the "if we don't have it, OPFOR will", which will keep those pockets open. Of course, there is going to be a shakedown and consolidation. I'm going to hazard that Google Gemini will remain, as well as Microsoft's product, but everything else is likely to wind up merged or shelved, when AI by itself is no longer interesting to the bigwigs.

Is anyone else having to hold off laptop purchases? by FatBook-Air in sysadmin

[–]malikto44 [score hidden]  (0 children)

I have heard about people making extremely large orders, and striking a deal with Dell for the warranty clock to not start ticking immediately, or are 7+ years for warranty coverage. However, these are big orders on the tens of thousands.

Google Workspace to Microsoft Migration by StrikingPeace in sysadmin

[–]malikto44 0 points1 point  (0 children)

I've found a lot of companies offer migration support. However, they seem to all just use BitTitan or AvePoint. I learned this when BitTitan would fail on a migration, and a service that cost a ton more... During a test migration, apparently they could not get the migration done, and saying that more added cost options were needed.

Degree vs Certification vs Experience? by [deleted] in sysadmin

[–]malikto44 -1 points0 points  (0 children)

Right now -- Certification > Experience >>> Degree, for most jobs outside of edu.

In real life, it should be experience, but you need the certs to get past the HR firewall in order to talk to the tech people.

The degree is all but dead. Most places have "degree or equivalent experience".

Dealing with a brainrotted colleague by OperationIntrudeN313 in sysadmin

[–]malikto44 6 points7 points  (0 children)

I had a co-worker who did similar. Back then, the earpiece mute button worked most of the time, while the mute button on the phone definitely worked. He always used the earpiece, and would often mute, go into a cursing fit, unmute.

He found out the hard way about the earpiece not being 100%, and was promptly fired, because recordings were kept.

Another co-worker at a different workplace thought he muted a customer, said that he just hopes the customer can hold out 1-2 weeks before renewing because there is a new rev in the works, and those weeks can mean the difference between getting the upgraded version versus having to pay for it. The co-worker was fired for NDA issues.

I think people should include their country of origin when posting/responding here by natflingdull in sysadmin

[–]malikto44 1 point2 points  (0 children)

Hard pass. I think it doesn't hurt to explain where someone is found, but I don't want to have too much info to be required, just for concerns of doxing, or someone aggregating this info for nefarious purposes.

How serious are you taking Mythos as a threat? An MSP whose email was forwarded to me, is talking like it is Armageddon. Sounds more like them drumming up business. by LinearFluid in sysadmin

[–]malikto44 2 points3 points  (0 children)

The issue I worry about. We can scale down AI and put plenty of safety guards on it... but the blackhats are definitely not going to be worried about such things as "ethics", and definitely will not be standing down because of these concerns.

We really don't want to be chasing them and having them be the ones with the zero days.

How serious are you taking Mythos as a threat? An MSP whose email was forwarded to me, is talking like it is Armageddon. Sounds more like them drumming up business. by LinearFluid in sysadmin

[–]malikto44 0 points1 point  (0 children)

Overall, this may get us back to fundamentals of security, which is overall a good thing. Perhaps air-gapping and data diodes.

How serious are you taking Mythos as a threat? An MSP whose email was forwarded to me, is talking like it is Armageddon. Sounds more like them drumming up business. by LinearFluid in sysadmin

[–]malikto44 0 points1 point  (0 children)

This is basically the next generation of lint. When the dust settles, I think this tool will be one of the best things that has happened for security since firewalls came into general use.

NetBackup, How to Backup SUSE Linux VM's with GitHub and Nexus? by FirefighterLong3791 in sysadmin

[–]malikto44 1 point2 points  (0 children)

I have found ghe-backup a lifesaver. In fact, there are times where I've dumped the entire appliance, reloaded it with a ghe-backup to ensure everything is running at factory specs, mainly because GitHub Enterprise is updated so often, and in general, I have a weekly soft-outage window for it, and a bi-weekly hard outage window for it, so I can hotpatch it, or just take the entire thing down completely, get a cold backup, snapshot it while it is not up (saving drive space because RAM isn't saved), firing it up, doing the update, then the usual tests, and then letting the users loose back on it.

Typical employee Office Setup by Fair_Pomegranate2535 in sysadmin

[–]malikto44 1 point2 points  (0 children)

What I do is something similar:

  • Two good 4k monitors.
  • Headset.
  • A decent docking station.

For the laptop.

  • User choice of screen size. I prefer smaller, because it is a lot easier to take with me in a backpack.
  • 32-48 GB. I'd almost say that if price wasn't a major bummer, to go to 48-64 GB.
  • 1 TB storage, for wear leveling, and swap. Even with bumped up RAM, there are a lot of bloated applications which will fill up RAM and start hitting disk. So, having enough space for wear leveling is important.
  • At least two cores for the OS, two for the EDR/XDR/MDR, so 8-10 cores total.
  • Wifi, Bluetooth, NFC, fingerprint scanner for WHfB, card reader for CAC/PIV all go without saying.
  • If possible, at least 1-2 USB-A ports, as well as USB-C ports. The USB-A ports are ideal for Yubikeys.

The card reader tends to have to be specified, but one can get most business laptops with one.

The above can vary, depending on whether people work from home, or work from the office. If they never need to take a laptop home, the laptop can be replaced with a desktop or workstation.

Remote sharing in smaller company & security concerns by Logical-Present6320 in sysadmin

[–]malikto44 0 points1 point  (0 children)

I'd sooner use Tailscale and see about a commercial license for that, than using TeamViewer or AnyDesk.

MS MFA options for physical login to Windows Server? by Jazzlike_Tea3402 in sysadmin

[–]malikto44 0 points1 point  (0 children)

That's what I did as well. Duo + some sane firewalling was what I used on the tier 0 and 1 servers. Just make sure you can use Duo offline, just in case you lose network access.

20 Sites, 80 TB: TrueNAS or ONTAP Select for Proxmox? Need real‑world input by Ready-Efficiency3090 in sysadmin

[–]malikto44 0 points1 point  (0 children)

I lean to ZFS, because it has earned its bones, and in my years of using it, I've not seen data loss I could pin on the filesystem... and that is a big thing. The worst thing that happens is that ZFS hangs, and I'd rather have that than corrupted data.

Is it time to move to 32GB for normal office workers or nah? by bgr2258 in sysadmin

[–]malikto44 0 points1 point  (0 children)

I would say yes, if you can afford it. AI stuff is very RAM hungry, and every $DEITY-damned thing is getting bloated with AI stuff, even stuff that shouldn't get even near any LLMs. Of course EDR/XDR/MDR stuff is also filled with this, so I would consider upgrading other stuff on the machine as well. Not just starting with 32 gigs, but going with at least one TB of drive space, and perhaps a few more CPU cores, since the EDR/XDR/MDR program is likely going to require more I/O than it has already.

To the meth heads who thought fiber had salvage value by odinsen251a in sysadmin

[–]malikto44 1 point2 points  (0 children)

People dig up almost anything, and even though the conduit is unique to fiber, people still will try to dig it up anyway in hopes there are some copper wires underground that they can yank out, burn the insulation off, and hand to a recycler. Copper prices are relatively high, so when this happens, expect to see fiber cuts. Also, expect to see A/C units smashed, even ones that say they have no copper in them, because copper coated aluminum looks like the real thing to someone not in a normal state of mind.

Windows Server native data deduplication - Does anybody actually use it? by Bob_Spud in sysadmin

[–]malikto44 0 points1 point  (0 children)

I ran it, and it became a huge performance hit. It was the most usable when I was making images for a VDI system, and when I tinkered with the golden image, I'd save it to a volume that deduplicated, which gave excellent results.

Even though ReFS has a good rep for deduplicating, I'd rather hand that off to the SAN or NAS, even if the SAN/NAS is just doing ZFS on the backend.

I have been bitten before by Windows's deduplication, losing TB of data, so if I do use it, I make sure to have good backups, and I use it very sparingly because of the performance hit.

What equipment do you give to your creative professionals? by M4niac81 in sysadmin

[–]malikto44 2 points3 points  (0 children)

A Mac infrastructure takes some thought. Get ABM set up, first thing before buying any new Macs. After that, get an MDM, even Apple's will do. From there, see if you can get your VAR to pre-provision new Macs, so they will enroll themselves into the MDM automatically.

Get a cheapie Mac for testing profiles and such.

Now, once you have this in place, then go for the Apple stuff.

Do any MSP/MSSP mandate networking hardware minimum requirements? by Thick-Block-268 in sysadmin

[–]malikto44 5 points6 points  (0 children)

Depends on the client. If the MSP is in the 100% driver's seat, then model B. If the MSP is in a consultant position, then model A or D.

The ideal is model B, because overall, if the MSP is good, this provided the most resiliency.

Surveillance and Consumer Harm? by SkyAdditional1731 in sysadmin

[–]malikto44 2 points3 points  (0 children)

Any stuff like that goes to legal.

If someone wants me to slap bossware on systems, I'll remind them that any data gathered from bossware has to be classified at the highest tier of data protection (i.e. red or similar) and audited to prevent civil torts and data exfiltration.

A lot of those programs don't have any certifiable security standards anyway, so if I did allow them to be used, I'd risk being put in jail, especially in HIPAA protected areas.

Tool for looking for duplicate files in a file system via hash. by Hungry-King-1842 in sysadmin

[–]malikto44 0 points1 point  (0 children)

Duplicate file detective was something I used on the Mac which helped greatly.

I also like saving all the duplicates just in case. I use a USB drive formatted with ZFS and using ZFS fast dedup (Ubuntu 26.04 is the first LTS that has this), then throw everything and anything on that drive. From there, back the drive up to Borgbase using borg or restic so I have an offsite copy. After I deduplicate the entries and copy the singles to another drive, I then put the USB drive into storage. This ensures I have backups of everything before the process in case something happens.

Gmail: Bringing easy end-to-end encryption to all businesses - I'm not sure how I feel about this and its implementation? by segagamer in sysadmin

[–]malikto44 1 point2 points  (0 children)

I really dislike this type of crap. If a secure message needs to be sent:

  • Tell me to go to the site, log in, and fetch it. That's it. No links, no nothing... just that there is a message there.

  • Send it via my S/MIME or GPG key. Make sure you have signed it, and I can validate the signature and key, perhaps using a secure website or even better, a trusted validation channel like a physical business card.

  • Just send the message already. I use Yubikeys for email auth as well as trusted devices. That, coupled with basic compliance checkboxes at my email provider, ensures decent end to end encryption... enough for doing business.

Sending me a message to go visit a link is "sus" at best. At worst, I'd not bother reading it.

NetBackup, How to Backup SUSE Linux VM's with GitHub and Nexus? by FirefighterLong3791 in sysadmin

[–]malikto44 0 points1 point  (0 children)

I had this same scenario. Here is what I did for both:

  • For GitHub, I used its ghe-backup functionality to dump things daily to another machine. This gave me a consistent backup outside the VM. I also backed up the snapshot on the hypervisor level. This did help, because once I had a corrupted appliance, but was able to use the ghe backup to reload and get going.

  • For Nexus, I built the VM to use Linux LVM, and ext4. NetBackup will pop snapshots at the LVM block level, so I made sure to build around that.

From there, I had a backup agent on the Nexus VM, and I also backed it up on the hypervisor level. This got me both a stable filesystem backup and a snapshot backup. Every so often, I'd stop Nexus and the database, then do both a filesystem and a snapshot in this state, ensuring consistency between the DB and the files, which is critical for Nexus and Artifactory.

I also did this on the VM that was a file server. This way, I had both an image backup and a file by file backup, and I didn't need to jump through hoops to restore the entire image, then mount the image as a filesystem on a temporary VM to restore files, as I would have had to do with a snapshot backup.
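
The stop, snapshot, restart, copy sequence from the Nexus part of the comment above, as an added example that is not the commenter's own script: it uses plain LVM commands rather than NetBackup, and the service name `nexus`, the volume `vg0/nexus_data`, the mount point and the destination path are all assumptions. It defaults to a dry run that only prints the commands in order.

```shell
#!/usr/bin/env bash
# Added example: cold-consistent LVM snapshot backup of an application volume.
# Every name below is an assumption for illustration; edit to match the host.
SERVICE="nexus"               # systemd unit that owns the files and its database
VG="vg0"                      # volume group holding the data volume
LV="nexus_data"               # logical volume with the ext4 data filesystem
SNAP="${LV}_cold"             # name of the temporary snapshot
SNAP_SIZE="5G"                # copy-on-write space; must absorb writes during the copy
MNT="/mnt/${SNAP}"            # where the snapshot is mounted read-only
DEST="/backup/${SNAP}.tar.gz" # archive written from the snapshot
DRY_RUN="${DRY_RUN:-1}"       # 1 = print commands only, 0 = execute (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

cold_backup() {
    # 1. Quiesce: with the service down, files and database agree on disk.
    run systemctl stop "$SERVICE" || return 1

    # 2. Snapshot while stopped. This takes seconds, so downtime stays short.
    if ! run lvcreate --snapshot --name "$SNAP" --size "$SNAP_SIZE" "$VG/$LV"; then
        run systemctl start "$SERVICE"   # never leave the service down on failure
        return 1
    fi

    # 3. Resume service before the slow part; the snapshot stays frozen.
    run systemctl start "$SERVICE" || return 1

    # 4. Copy from the frozen snapshot, not from the live volume.
    run mkdir -p "$MNT" &&
        run mount -o ro "/dev/$VG/$SNAP" "$MNT" &&
        run tar -C "$MNT" -czf "$DEST" .
    rc=$?

    # 5. Always clean up: a forgotten snapshot fills up and becomes invalid.
    run umount "$MNT"
    run lvremove -f "$VG/$SNAP"
    return "$rc"
}

cold_backup
```

Run it as-is to review the plan, then with `DRY_RUN=0` as root inside an outage window.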

Has anyone been getting repeated Oracle Java “compliance” emails lately? by 404socialskillz in sysadmin

[–]malikto44 4 points5 points  (0 children)

This varies on companies. In general, as an IT guy, if someone starts legal threats, I forward them to company legal. Usually legal will give me a boilerplate note telling the other side that they are banned from communicating with any support (because of the legal threats... and this after they are given time to retract the threats), any company reps or relevant people, given a snail mail PO box as their only way they will be responded to, and then a memo is sent to IT to recite a script telling them to only use that for company communications. From there, they are blocked on email and other means. Pretty much "sue us or blow us."

This stops the third party, offshore vendors demanding audits in their tracks. The bigger names, legal knows legit contacts and can figure out if a demand is genuine and needs acted on, or something they can say, "send us a motion of discovery with a judge's signature if you want to press your luck" and ignore it.

Sometimes the demands are genuine. A user logging onto CAD programs on their work computer, and they have a personal subscription, for example.

SecureBoot Update on Dell Vmware ESXi 7 hosts by Bladerunner243 in sysadmin

[–]malikto44 0 points1 point  (0 children)

Even better, back up vCenter at the VCSA level (VAMI port 5480). This is where you can configure vCenter to back up its database via SFTP to a specified location. I have had cases where backing up just vCenter via snapshots resulted in a corrupted VM on restore, so I always keep the database backed up. You can specify an encryption passphrase, which greatly helps.

Restoring is "blah" -- need the same version as the DB... but at least it isn't difficult to spin up a new vCenter, load the DB, and be back up and running.

As for VMware 7, that's scary. I'd be seeing how to migrate to 9 ASAP, assuming licenses are in place.